OpenSSH user enumeration — confirms valid usernames via timing differences, aiding credential stuffing attacks. Update OpenSSH to 7.8+. Implement rate limiting on SSH attempts and consider key-only authentication to eliminate password-based enumeration risk.
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed.
Supernova subscribers receive AI-triaged CVE alerts the moment they're published — before the PoC drops.
Start Supernova — $99/mo →