Mitigate timing differences in password authentication that could be
used to discern valid from invalid account names when long passwords
were sent and particular password hashing algorithms are in use on the
server. Reported by EddieEzra.Harari at verint.com

OSVersionArchitecturePackageVersionFilename
anyanyanyopenssh< 7.3p1-1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
any	any	any	openssh	< 7.3p1-1	UNKNOWN

References

seclists.org/fulldisclosure/2016/Jul/51

www.openssh.com/txt/release-7.3

access.redhat.com/security/cve/CVE-2016-6210

openvas 12

nessus 30

exploitpack 2

hackerone 1

debian 3

zdt 2

redhat 2

fedora 1

ibm 22

prion 1

cve 1

f5 1

packetstorm 2

veracode 1

centos 2

osv 3

redhatcve 1

debiancve 1

oraclelinux 3

alpinelinux 1

paloalto 1

ubuntucve 1

exploitdb 2

cloudfoundry 1

freebsd 1

slackware 1

ubuntu 1

altlinux 3

checkpoint_advisories 1

aix 1

symantec 1

mageia 1

gentoo 1

amazon 1

rosalinux 1

ics 1

openvas

CentOS Update for openssh CESA-2017:2563 centos6

2017-09-01 00:00:00

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2017-1190)

2020-01-23 00:00:00

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2017-1189)

2020-01-23 00:00:00

nessus

Oracle Linux 6 : openssh (ELSA-2017-2563)

2017-09-01 00:00:00

Fedora 24 : openssh (2016-7440fa5ce2)

2016-07-21 00:00:00

CentOS 6 : openssh (CESA-2017:2563)

2017-09-01 00:00:00

exploitpack

OpenSSHd 7.2p2 - Username Enumeration

2016-07-18 00:00:00

OpenSSH 7.2p2 - Username Enumeration

2016-07-20 00:00:00

hackerone

Nextcloud: Password authentication at newsletter.nextcloud.com discloses username list

2019-01-08 09:59:42

debian

[SECURITY] [DSA 3626-1] openssh security update

2016-07-24 09:19:18

[SECURITY] [DSA 3626-1] openssh security update

2016-07-24 09:19:18

[SECURITY] [DLA 578-1] openssh security update

2016-07-30 21:40:46

zdt

OpenSSHd 7.2p2 - Username Enumeration (2)

2016-07-20 00:00:00

OpenSSHd 7.2p2 - Username Enumeration (1)

2016-07-18 00:00:00

redhat

(RHSA-2017:2563) Moderate: openssh security update

2017-08-31 13:09:34

(RHSA-2017:2029) Moderate: openssh security, bug fix, and enhancement update

2017-08-01 05:57:17

fedora

[SECURITY] Fedora 24 Update: openssh-7.2p2-10.fc24

2016-07-20 17:50:40

ibm

Security Bulletin: Vulnerability in OpenSSH affects IBM Flex System FC5022 16Gb SAN Scalable Switch (CVE-2016-6210)

2019-01-31 02:25:02

Security Bulletin: Vulnerability in OpenSSH affects IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru firmware.

2019-01-31 02:25:02

Security Bulletin: Vulnerabilities in OpenSSH affect the IBM FlashSystem model V840

2018-06-18 00:51:30

prion

Design/Logic Flaw

2017-02-13 17:59:00

cve

CVE-2016-6210

2017-02-13 17:59:00

K14845276 : OpenSSH vulnerability CVE-2016-6210

2016-12-23 00:00:00

packetstorm

OpenSSHD 7.2p2 User Enumeration

2016-07-18 00:00:00

OpenSSHD 7.2p2 User Enumeration

2016-07-21 00:00:00

veracode

Information Disclosure

2019-01-15 09:20:13

centos

openssh, pam_ssh_agent_auth security update

2017-08-31 18:50:28

openssh, pam_ssh_agent_auth security update

2017-08-24 01:40:16

osv

openssh - security update

2016-07-30 00:00:00

openssh - security update

2016-07-24 00:00:00

CVE-2016-6210

2017-02-13 17:59:00

redhatcve

CVE-2016-6210

2016-07-18 09:18:22

debiancve

CVE-2016-6210

2017-02-13 17:59:00

oraclelinux

openssh security update

2017-08-31 00:00:00

openssh security update

2023-08-11 00:00:00

openssh security, bug fix, and enhancement update

2017-08-07 00:00:00

alpinelinux

CVE-2016-6210

2017-02-13 17:59:00

paloalto

OpenSSH Vulnerability

2016-11-17 17:02:00

ubuntucve

CVE-2016-6210

2016-07-18 00:00:00

exploitdb

OpenSSHd 7.2p2 - Username Enumeration

2016-07-18 00:00:00

OpenSSH 7.2p2 - Username Enumeration

2016-07-20 00:00:00

cloudfoundry

USN-3061-1 OpenSSH vulnerability | Cloud Foundry

2016-08-25 00:00:00

freebsd

openssh -- sshd -- remote valid user discovery and PAM /bin/login attack

2016-08-01 00:00:00

slackware

[slackware-security] openssh

2016-08-06 21:10:35

ubuntu

OpenSSH vulnerabilities

2016-08-15 00:00:00

altlinux

Security fix for the ALT Linux 7 package openssh version 6.7p1-alt1.M70P.3

2016-10-20 00:00:00

Security fix for the ALT Linux 6 package openssh version 6.7p1-alt1.M60P.3

2016-10-20 00:00:00

Security fix for the ALT Linux 8 package openssh version 7.2p2-alt2

2016-10-21 00:00:00

checkpoint_advisories

Multiple SSH Initial Connection Requests (CVE-2003-0190; CVE-2006-5229; CVE-2016-6210)

2011-03-29 00:00:00

aix

AIX OpenSSH Vulnerability

2016-09-08 14:36:37

symantec

SA136 : OpenSSH Vulnerabilities

2016-12-13 08:00:00

mageia

Updated openssh packages fix security vulnerability

2016-08-31 18:32:33

gentoo

OpenSSH: Multiple vulnerabilities

2016-12-07 00:00:00

amazon

Medium: openssh

2017-10-03 11:00:00

rosalinux

Advisory ROSA-SA-2021-1938

2021-07-02 17:38:20

ics

Siemens SCALANCE X-200RNA Switch Devices

2022-12-19 12:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.107 Low

EPSS

Percentile

94.5%

JSON

Related for ASA-201608-1