CVE-2026-48859 (GCVE-0-2026-48859)
Vulnerability from cvelistv5
Published
2026-06-10 14:35
Modified
2026-06-10 16:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-208 - Observable Timing Discrepancy
Summary
Observable Timing Discrepancy vulnerability in Erlang/OTP ssh (ssh_auth, ssh_options modules) allows unauthenticated remote username enumeration via timing side-channel in password authentication.
When the SSH daemon is configured with the user_passwords or password option, ssh_auth:check_password/3 performs a PBKDF2-SHA256 computation with 600,000 iterations (~300ms) for valid usernames, but returns immediately (~0ms) for invalid usernames via the ssh_options:get_password_option/2 path. This timing difference is detectable in a single authentication attempt and allows an unauthenticated attacker to distinguish valid from invalid usernames.
The user_passwords and password options are documented as intended for test purposes; the recommended alternative is pwdfun, which is not affected by this vulnerability.
This vulnerability is associated with program files lib/ssh/src/ssh_auth.erl and lib/ssh/src/ssh_options.erl.
This issue affects OTP from OTP 29.0 before 29.0.2 corresponding to ssh from 6.0 before 6.0.1.
References
| URL | Tags | |
|---|---|---|
|
|
||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-48859",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-10T16:19:16.914933Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T16:19:43.145Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"modules": [
"ssh_auth",
"ssh_options"
],
"packageName": "ssh",
"packageURL": "pkg:otp/ssh?repository_url=https:%2F%2Fgithub.com%2Ferlang%2Fotp\u0026vcs_url=git%20https:%2F%2Fgithub.com%2Ferlang%2Fotp.git",
"product": "OTP",
"programFiles": [
"src/ssh_auth.erl",
"src/ssh_options.erl"
],
"programRoutines": [
{
"name": "ssh_auth:check_password/3"
},
{
"name": "ssh_options:get_password_option/2"
}
],
"repo": "https://github.com/erlang/otp",
"vendor": "Erlang",
"versions": [
{
"lessThan": "6.0.1",
"status": "affected",
"version": "6.0",
"versionType": "otp"
}
]
},
{
"collectionURL": "https://github.com",
"cpes": [
"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"modules": [
"ssh_auth",
"ssh_options"
],
"packageName": "erlang/otp",
"packageURL": "pkg:github/erlang/otp",
"product": "OTP",
"programFiles": [
"lib/ssh/src/ssh_auth.erl",
"lib/ssh/src/ssh_options.erl"
],
"programRoutines": [
{
"name": "ssh_auth:check_password/3"
},
{
"name": "ssh_options:get_password_option/2"
}
],
"repo": "https://github.com/erlang/otp",
"vendor": "Erlang",
"versions": [
{
"lessThan": "29.0.2",
"status": "affected",
"version": "29.0",
"versionType": "otp"
},
{
"lessThan": "c342092ef4b369bb409d5b71ac8fd83bab74aedf",
"status": "affected",
"version": "032d1bc9491a3975c68faf9bc7776115d6ae3005",
"versionType": "git"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The SSH daemon must be configured with the \u003ctt\u003euser_passwords\u003c/tt\u003e or \u003ctt\u003epassword\u003c/tt\u003e option for password authentication. Systems using the \u003ctt\u003epwdfun\u003c/tt\u003e option instead are not affected."
}
],
"value": "The SSH daemon must be configured with the user_passwords or password option for password authentication. Systems using the pwdfun option instead are not affected."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "29.0.2",
"versionStartIncluding": "29.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Zhang Delong"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Jakub Witczak"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Ingela Anderton Andin"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Micha\u0142 W\u0105sowski"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eObservable Timing Discrepancy vulnerability in Erlang/OTP ssh (ssh_auth, ssh_options modules) allows unauthenticated remote username enumeration via timing side-channel in password authentication.\u003c/p\u003e\u003cp\u003eWhen the SSH daemon is configured with the \u003ctt\u003euser_passwords\u003c/tt\u003e or \u003ctt\u003epassword\u003c/tt\u003e option, \u003ctt\u003essh_auth:check_password/3\u003c/tt\u003e performs a PBKDF2-SHA256 computation with 600,000 iterations (~300ms) for valid usernames, but returns immediately (~0ms) for invalid usernames via the \u003ctt\u003essh_options:get_password_option/2\u003c/tt\u003e path. This timing difference is detectable in a single authentication attempt and allows an unauthenticated attacker to distinguish valid from invalid usernames.\u003c/p\u003e\u003cp\u003eThe \u003ctt\u003euser_passwords\u003c/tt\u003e and \u003ctt\u003epassword\u003c/tt\u003e options are documented as intended for test purposes; the recommended alternative is \u003ctt\u003epwdfun\u003c/tt\u003e, which is not affected by this vulnerability.\u003c/p\u003e\u003cp\u003eThis vulnerability is associated with program files \u003ctt\u003elib/ssh/src/ssh_auth.erl\u003c/tt\u003e and \u003ctt\u003elib/ssh/src/ssh_options.erl\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects OTP from OTP 29.0 before 29.0.2 corresponding to ssh from 6.0 before 6.0.1.\u003c/p\u003e"
}
],
"value": "Observable Timing Discrepancy vulnerability in Erlang/OTP ssh (ssh_auth, ssh_options modules) allows unauthenticated remote username enumeration via timing side-channel in password authentication.\n\nWhen the SSH daemon is configured with the user_passwords or password option, ssh_auth:check_password/3 performs a PBKDF2-SHA256 computation with 600,000 iterations (~300ms) for valid usernames, but returns immediately (~0ms) for invalid usernames via the ssh_options:get_password_option/2 path. This timing difference is detectable in a single authentication attempt and allows an unauthenticated attacker to distinguish valid from invalid usernames.\n\nThe user_passwords and password options are documented as intended for test purposes; the recommended alternative is pwdfun, which is not affected by this vulnerability.\n\nThis vulnerability is associated with program files lib/ssh/src/ssh_auth.erl and lib/ssh/src/ssh_options.erl.\n\nThis issue affects OTP from OTP 29.0 before 29.0.2 corresponding to ssh from 6.0 before 6.0.1."
}
],
"impacts": [
{
"capecId": "CAPEC-116",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-116 Excavation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-208",
"description": "CWE-208 Observable Timing Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T14:38:17.058Z",
"orgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
"shortName": "EEF"
},
"references": [
{
"tags": [
"vendor-advisory",
"related"
],
"url": "https://github.com/erlang/otp/security/advisories/GHSA-3w6p-vwhf-wvp4"
},
{
"tags": [
"related"
],
"url": "https://cna.erlef.org/cves/CVE-2026-48859.html"
},
{
"tags": [
"related"
],
"url": "https://osv.dev/vulnerability/EEF-CVE-2026-48859"
},
{
"tags": [
"x_version-scheme"
],
"url": "https://www.erlang.org/doc/system/versions.html#order-of-versions"
},
{
"tags": [
"patch"
],
"url": "https://github.com/erlang/otp/commit/c342092ef4b369bb409d5b71ac8fd83bab74aedf"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SSH server timing side-channel in ssh_auth:check_password/3 allows unauthenticated username enumeration",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use the \u003ctt\u003epwdfun\u003c/tt\u003e option instead of \u003ctt\u003euser_passwords\u003c/tt\u003e for password authentication. The \u003ctt\u003epwdfun\u003c/tt\u003e callback gives full control over timing behavior and is not affected by this vulnerability. Implementations should take care to execute in approximately constant time regardless of username validity."
}
],
"value": "Use the pwdfun option instead of user_passwords for password authentication. The pwdfun callback gives full control over timing behavior and is not affected by this vulnerability. Implementations should take care to execute in approximately constant time regardless of username validity."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Restrict SSH port access to trusted networks only via firewall rules, reducing the set of potential attackers who can perform timing measurements."
}
],
"value": "Restrict SSH port access to trusted networks only via firewall rules, reducing the set of potential attackers who can perform timing measurements."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
"assignerShortName": "EEF",
"cveId": "CVE-2026-48859",
"datePublished": "2026-06-10T14:35:43.553Z",
"dateReserved": "2026-05-25T20:44:10.697Z",
"dateUpdated": "2026-06-10T16:19:43.145Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…