OpenSSH · OpenSSH · CVE-2016-6210
**Name of the Vulnerable Software and Affected Versions**
OpenSSH versions prior to 7.3
**Description**
The issue is a password hashing error in OpenSSH's implementation of the SSH network protocol. When SHA256 or SHA512 is used for user password hashing, remote attackers can enumerate users by leveraging a timing difference between responses, especially when a large password is provided. This can potentially allow attackers to gain access to confidential data. Additionally, because password authentication does not limit password length, a long string can cause a denial of service through excessive CPU consumption.
**Recommendations**
For OpenSSH versions prior to 7.3, update to version 7.3 or later to resolve the issue.
As a temporary workaround, consider restricting access to the SSH service to minimize the risk of exploitation.
Avoid using excessively long passwords for authentication until the issue is resolved.
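
On servers that cannot be updated yet, the user enumeration described above can still be spotted in the sshd authentication log, because each probed username normally leaves a "Failed password" line. The following is an added example, not part of the original advisory or of OpenSSH: the log lines are constructed samples, and the function names and the threshold of 5 distinct usernames are assumptions to tune per environment.

```python
import re
from collections import defaultdict

# Constructed sample sshd log lines (documentation IP ranges, made-up users).
SAMPLE_LOG = """\
Jul 20 10:00:01 host sshd[1001]: Failed password for invalid user admin from 203.0.113.5 port 40001 ssh2
Jul 20 10:00:03 host sshd[1002]: Failed password for root from 203.0.113.5 port 40002 ssh2
Jul 20 10:00:05 host sshd[1003]: Failed password for invalid user oracle from 203.0.113.5 port 40003 ssh2
Jul 20 10:00:07 host sshd[1004]: Failed password for invalid user test from 203.0.113.5 port 40004 ssh2
Jul 20 10:00:09 host sshd[1005]: Failed password for invalid user backup from 203.0.113.5 port 40005 ssh2
Jul 20 10:00:11 host sshd[1006]: Failed password for www-data from 203.0.113.5 port 40006 ssh2
Jul 20 10:05:00 host sshd[1010]: Failed password for deploy from 198.51.100.7 port 51000 ssh2
Jul 20 10:05:09 host sshd[1011]: Failed password for deploy from 198.51.100.7 port 51001 ssh2
Jul 20 10:05:20 host sshd[1012]: Accepted password for deploy from 198.51.100.7 port 51002 ssh2
"""

# Matches both "Failed password for <user>" and "Failed password for invalid user <user>".
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def distinct_users_by_source(log_text):
    """Map each source IP to the set of usernames it failed password auth for."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        match = FAILED_RE.search(line)
        if match:
            seen[match.group("ip")].add(match.group("user"))
    return seen


def enumeration_suspects(log_text, threshold=5):
    """Return {ip: distinct_user_count} for sources at or above the threshold.

    Counting distinct usernames (not raw failures) separates username probing
    from one user mistyping a password. No time window is applied here.
    """
    return {
        ip: len(users)
        for ip, users in distinct_users_by_source(log_text).items()
        if len(users) >= threshold
    }


if __name__ == "__main__":
    for ip, count in enumeration_suspects(SAMPLE_LOG).items():
        print(f"{ip}: failed password auth for {count} distinct usernames")
```

Sources flagged this way are candidates for the access restrictions recommended above.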