http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1692

The NIST advisory says that all versions of OpenSSH potentially contain the flaw. But is that really true? For example, I looked at the 3.8.1p1 distribution and didn't find any reference to JPAKE at all.

Thanks.