OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur.
Published: 2024-07-02
CVSS: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Download Exploit for CVE-2024-39894 here:
Tip: Download official Tor Browser at https://www.torproject.org/download/ to access .onion links.
https://augustaverburg.nl/exploit-741-cve-2023-2255/
https://augustaverburg.nl/exploit-631-cve-2025-20387/
https://augustaverburg.nl/exploit-832-cve-2025-12725/
https://augustaverburg.nl/exploit-470-cve-2025-11563/