openssh unix dev - Jul 2002 - possible bug

Platform, configuration, etc would be a useful thing.

On Thu, 4 Jul 2002, Jirka Zajpt wrote:
> I don't know if that what I found is real bug, but I think that
it's
> important.
>
> When you give a valid user at login, openssh waits something about 3
> seconds after giving password (I'am not sure if its depends on system
> configuration). But when you give user which does not exist, openssh
> does not wait the same time. This allows to detect valid user on a
> target system.
>
> Jirka Zajpt, <jirka at zajpt.cz>
>
> _______________________________________________
> openssh-unix-dev at mindrot.org mailing list
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>

I don't know if that what I found is real bug, but I think that it's 
important.

When you give a valid user at login, openssh waits something about 3 
seconds after giving password (I'am not sure if its depends on system 
configuration). But when you give user which does not exist, openssh 
does not wait the same time. This allows to detect valid user on a 
target system.

Jirka Zajpt, <jirka at zajpt.cz>