Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Remotely triggerable with no authentication; impact bounded to throttle bypass enabling faster brute-force (I:L) and minor resource exhaustion potential (A:L), with no confidentiality impact.
Primary rating from Vendor (mitre).
CVSS VectorVendor: mitre
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Lifecycle Timeline
2DescriptionCVE.org
sshd in OpenSSH before 10.4 does not always honor the minimum authentication delay.
AnalysisAI
OpenSSH sshd before version 10.4 fails to consistently enforce its built-in minimum authentication delay, undermining the rate-limiting defense designed to slow credential-guessing attacks against SSH services. All OpenSSH releases prior to 10.4 are affected across all platforms, enabling unauthenticated remote attackers to submit authentication attempts at a rate higher than the daemon intends to permit. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | No special non-default configuration is required for the throttling bypass to be triggerable - the flaw exists in sshd's core authentication delay logic present in all default OpenSSH deployments prior to 10.4. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The NVD CVSS 3.1 score of 6.5 with vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L correctly characterizes this as a remotely exploitable, zero-complexity flaw requiring no authentication, but with bounded impact: only limited integrity impact (accelerated credential guessing weakens the authentication posture) and limited availability impact (potential resource exhaustion from uninhibited connection floods). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An unauthenticated remote attacker targets an Internet-exposed SSH service running OpenSSH prior to 10.4 with password authentication enabled, using an automated tool to submit successive login attempts against a target account without observing the per-attempt delay sshd is supposed to enforce. The attacker cycles through a credential list at a rate significantly higher than the daemon intends, increasing the probability of a successful brute-force match against accounts using weak, common, or reused passwords. … |
| Remediation | Upgrade to OpenSSH 10.4p1 or later, the vendor-released patch confirmed by release notes at https://www.openssh.org/releasenotes.html#10.4p1. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, whi
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of
freeSSHd.exe in freeSSHd through 1.2.6 allows remote attackers to bypass authentication via a crafted session, as demons
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, whi
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. Rated medium se
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static
The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processin
The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password a
Remote code execution in OpenSSH's sshd server (regression of CVE-2006-5051) allows unauthenticated remote attackers to
The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remot
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42145
GHSA-8pmr-cc7f-4v7w