This vulnerability in Erlang/OTP SSH modules ssh_auth and ssh_options allows an unauthenticated attacker to perform username enumeration via a timing side-channel during password authentication. When the SSH daemon uses the user_passwords or password options, the function ssh_auth:check_password/3 performs a PBKDF2-SHA256 hash with 600,000 iterations for valid usernames, causing a delay of approximately 300ms. For invalid usernames, the function returns immediately, creating a measurable timing discrepancy. This difference enables attackers to distinguish valid usernames in a single authentication attempt. The affected versions include OTP 29.0 up to but not including 29.0.2 and SSH 6.0 up to but not including 6.0.1. The vulnerability is linked to files lib/ssh/src/ssh_auth.erl and lib/ssh/src/ssh_options.erl. The user_passwords and password options are documented as intended for testing purposes, with pwdfun recommended as a safer alternative.

An unauthenticated remote attacker can enumerate valid usernames on the SSH service by exploiting the timing discrepancy in password authentication. This information disclosure can aid in further targeted attacks but does not directly allow password or system compromise. The vulnerability does not affect the recommended pwdfun option, which does not exhibit this timing difference.

No official patch or fix is currently confirmed for this vulnerability. Users are advised to avoid using the user_passwords or password options in the SSH daemon configuration, as these are intended only for testing. Instead, configure the SSH daemon to use the pwdfun option, which is not affected by this timing side-channel vulnerability. Monitor vendor advisories for updates or official patches.