CVE-2026-48859
Status: Received - Intake
Timing Side-Channel Username Enumeration in Erlang/OTP SSH

Publication date: 2026-06-10

Last updated on: 2026-06-10

Assigner: EEF

Description
Observable Timing Discrepancy vulnerability in Erlang/OTP ssh (ssh_auth, ssh_options modules) allows unauthenticated remote username enumeration via timing side-channel in password authentication. When the SSH daemon is configured with the user_passwords or password option, ssh_auth:check_password/3 performs a PBKDF2-SHA256 computation with 600,000 iterations (~300ms) for valid usernames, but returns immediately (~0ms) for invalid usernames via the ssh_options:get_password_option/2 path. This timing difference is detectable in a single authentication attempt and allows an unauthenticated attacker to distinguish valid from invalid usernames. The user_passwords and password options are documented as intended for test purposes; the recommended alternative is pwdfun, which is not affected by this vulnerability. This vulnerability is associated with program files lib/ssh/src/ssh_auth.erl and lib/ssh/src/ssh_options.erl. This issue affects OTP from OTP 29.0 before 29.0.2 corresponding to ssh from 6.0 before 6.0.1.
Meta Information
Published: 2026-06-10
Last Modified: 2026-06-10
Generated: 2026-06-10
AI Q&A: 2026-06-10
CVSS Scores: not yet assigned
EPSS Evaluated: N/A (no probability or percentile available)
Affected Vendors & Products (2 associated CPEs)
Vendor   Product   Version / Range
erlang   otp       up to 29.0.2 (excluding 29.0.2)
erlang   ssh       up to 6.0.1 (excluding 6.0.1)
Weakness Classification
CWE-208 (Observable Timing Discrepancy): Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.
KEV: not listed
Compliance Impact

This vulnerability allows unauthenticated remote attackers to enumerate valid usernames via a timing side-channel in SSH password authentication. Such username enumeration can be considered an information disclosure risk, potentially aiding attackers in further compromising systems.

While the provided information does not explicitly mention compliance with standards like GDPR or HIPAA, the ability to enumerate usernames could lead to unauthorized access attempts or data breaches, which may impact compliance with regulations that require protection of personal and sensitive information.

Mitigations such as switching to the `pwdfun` option or restricting SSH access to trusted networks reduce the risk and help maintain compliance by preventing unauthorized information disclosure.

Executive Summary

CVE-2026-48859 is a timing side-channel vulnerability in the SSH server implementation of Erlang/OTP, specifically in the ssh_auth:check_password/3 function when using the user_passwords or password options for password authentication.

The vulnerability arises because the server performs a computationally expensive PBKDF2-SHA256 hashing operation (~300ms) for valid usernames, but returns immediately (~0ms) for invalid usernames. This timing difference can be detected by an unauthenticated remote attacker in a single authentication attempt.

By measuring this timing discrepancy, an attacker can enumerate valid usernames on the system without needing to authenticate.

The vulnerability affects OTP versions from 29.0 before 29.0.2 and ssh versions from 6.0 before 6.0.1. The recommended alternative to the vulnerable options is the pwdfun option, which is not affected by this timing attack.

Impact Analysis

This vulnerability allows unauthenticated remote attackers to enumerate valid usernames on the affected SSH server by exploiting timing differences during password authentication.

Username enumeration can be a critical first step for attackers to target specific user accounts for further attacks such as brute force password guessing or social engineering.

If your system uses the vulnerable user_passwords or password options for SSH authentication and is exposed to untrusted networks, it is at risk of this attack.

Mitigations include switching to the pwdfun option, which delegates password verification to a caller-supplied function and therefore does not go through the affected check_password/3 path, or restricting SSH access to trusted networks only.

Detection Guidance

This vulnerability can be detected by measuring the timing difference in SSH password authentication responses for valid versus invalid usernames. Specifically, when the SSH daemon is configured with the user_passwords or password option, a valid username triggers a PBKDF2-SHA256 computation taking approximately 300ms, while an invalid username returns almost immediately (~0ms). This timing discrepancy can be observed in a single authentication attempt.

To detect this on your system or network, you can perform timed SSH authentication attempts using different usernames and measure the response times. A significant delay for some usernames compared to others indicates the presence of this timing side-channel vulnerability.

The resources provide no specific commands. A practical approach is to time SSH password-authentication attempts against your own daemon, for example by wrapping the SSH client in 'time' or by using a script that records the elapsed time per attempt, once with a username that is configured in user_passwords and once with one that is not. On an affected server the configured username shows a delay of roughly 300ms that the unknown username does not; on a patched server, or one using pwdfun with a constant-cost verifier, the two timings should be indistinguishable.

Mitigation Strategies

Immediate mitigation steps include switching the SSH daemon configuration from the vulnerable user_passwords or password options to the pwdfun option, which is not affected by this timing side-channel vulnerability.

Alternatively, restrict SSH port access to trusted networks only, reducing exposure to unauthenticated remote attackers who could exploit this timing discrepancy.

Applying the patch that fixes this vulnerability is also recommended. The patch ensures that both valid and invalid username authentication attempts take equivalent time by pre-computing a fake PBKDF2 checker, eliminating the timing difference.
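The following Erlang module is an added example (not OTP code and not the patch itself) showing how to build a pwdfun verifier that applies the same idea the fix describes: a decoy PBKDF2 verifier is computed once at startup, so an unknown username costs exactly the same PBKDF2 work as a known one. The module name, the credential table, the salts and passwords are all constructed demo values; the host-key directory passed to daemon_options/2 is an assumed path. It relies on crypto:pbkdf2_hmac/5 (OTP 24.2+) and crypto:hash_equals/2 (OTP 25.0+).

```erlang
%% ct_pwdfun.erl -- added example of a constant-cost pwdfun; not OTP code.
-module(ct_pwdfun).
-export([init/0, check/4, daemon_options/2]).

-define(ITER, 600000).   %% iteration count cited in the advisory
-define(KEYLEN, 32).     %% bytes of derived key to store and compare

%% Derive a PBKDF2-HMAC-SHA256 verifier for one password.
derive(Password, Salt) ->
    crypto:pbkdf2_hmac(sha256, Password, Salt, ?ITER, ?KEYLEN).

%% Build the credential table and the decoy verifier ONCE at startup.
%% Constructed demo data; a real deployment loads the table from storage.
init() ->
    Table = [{"alice", {<<"alice-salt">>,
                        derive("correct horse", <<"alice-salt">>)}}],
    %% Decoy entry used for unknown users so the same PBKDF2 work is done.
    %% It is precomputed here and never derived inside check/4, otherwise
    %% the unknown-user path would pay for two derivations and leak again.
    Decoy = {<<"decoy-salt">>, derive("decoy-password", <<"decoy-salt">>)},
    {Table, Decoy}.

%% Both paths perform exactly one PBKDF2 derivation and one constant-time
%% comparison, whether or not the username exists in the table.
check(Table, Decoy, User, Password) ->
    {Known, {Salt, Stored}} =
        case lists:keyfind(User, 1, Table) of
            {_, Entry} -> {true, Entry};
            false      -> {false, Decoy}
        end,
    Derived = derive(Password, Salt),
    Match = crypto:hash_equals(Derived, Stored),
    %% Known is already bound, so the andalso adds no data-dependent work.
    Match andalso Known.

%% Options for ssh:daemon/2; SystemDir holds the host keys (assumed path).
daemon_options(SystemDir, {Table, Decoy}) ->
    [{system_dir, SystemDir},
     {auth_methods, "password"},
     {pwdfun, fun(User, Pw) -> check(Table, Decoy, User, Pw) end}].
```

Usage: `{T, D} = ct_pwdfun:init(), ssh:daemon(2222, ct_pwdfun:daemon_options("/path/to/hostkeys", {T, D})).` The important design point is that the decoy is derived inside init/0, before the daemon starts accepting connections, and that check/4 never branches on Known before the derivation; timing the two paths locally with timer:tc/3 should show the same ~300ms for "alice" and for any other username.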
