It was reported  that versions of dropbear prior to 2013.59 suffered from a flaw where it would disclose the existence of valid users due to inconsistent delays on authentication failures.
This has been fixed in git . A CVE assignment is pending .
Created dropbear tracking bugs for this issue:
Affects: fedora-all [bug 1017985]
Affects: epel-all [bug 1017986]
Can I close it now?
Closing, thank you!