Lucene search

K
cvelistMitreCVELIST:CVE-2016-6210
HistoryFeb 13, 2017 - 12:00 a.m.

CVE-2016-6210

2017-02-1300:00:00
mitre
www.cve.org
1

6.5 Medium

AI Score

Confidence

High

0.107 Low

EPSS

Percentile

95.1%

sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.