sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.

References

seclists.org/fulldisclosure/2016/Jul/51

www.debian.org/security/2016/dsa-3626

www.securityfocus.com/bid/91812

www.securitytracker.com/id/1036319

access.redhat.com/errata/RHSA-2017:2029

access.redhat.com/errata/RHSA-2017:2563

cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

security.gentoo.org/glsa/201612-18

security.netapp.com/advisory/ntap-20190206-0001/

www.exploit-db.com/exploits/40113/

www.exploit-db.com/exploits/40136/

www.openssh.com/txt/release-7.3

redhat 2

nessus 32

debian 3

hackerone 1

openvas 19

exploitpack 2

zdt 2

f5 1

ibm 22

veracode 1

centos 2

nvd 1

packetstorm 2

fedora 1

archlinux 1

prion 1

cve 1

debiancve 1

osv 3

redhatcve 1

oraclelinux 3

alpinelinux 1

ubuntucve 1

paloalto 1

exploitdb 2

freebsd 1

slackware 1

ubuntu 1

cloudfoundry 1

altlinux 3

mageia 1

symantec 1

checkpoint_advisories 1

aix 1

amazon 1

gentoo 1

rosalinux 1

ics 1

redhat

(RHSA-2017:2563) Moderate: openssh security update

2017-08-31 13:09:34

(RHSA-2017:2029) Moderate: openssh security, bug fix, and enhancement update

2017-08-01 05:57:17

nessus

Oracle Linux 6 : openssh (ELSA-2017-2563)

2017-09-01 00:00:00

CentOS 6 : openssh (CESA-2017:2563)

2017-09-01 00:00:00

Fedora 24 : openssh (2016-7440fa5ce2)

2016-07-21 00:00:00

debian

[SECURITY] [DSA 3626-1] openssh security update

2016-07-24 09:19:18

[SECURITY] [DLA 578-1] openssh security update

2016-07-30 21:41:01

[SECURITY] [DSA 3626-1] openssh security update

2016-07-24 09:19:18

hackerone

Nextcloud: Password authentication at newsletter.nextcloud.com discloses username list

2019-01-08 09:59:42

openvas

CentOS Update for openssh CESA-2017:2563 centos6

2017-09-01 00:00:00

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2017-1190)

2020-01-23 00:00:00

Debian: Security Advisory (DLA-578-1)

2023-03-08 00:00:00

exploitpack

OpenSSHd 7.2p2 - Username Enumeration

2016-07-18 00:00:00

OpenSSH 7.2p2 - Username Enumeration

2016-07-20 00:00:00

zdt

OpenSSHd 7.2p2 - Username Enumeration (2)

2016-07-20 00:00:00

OpenSSHd 7.2p2 - Username Enumeration (1)

2016-07-18 00:00:00

K14845276 : OpenSSH vulnerability CVE-2016-6210

2016-12-23 00:00:00

ibm

Security Bulletin: Vulnerability in OpenSSH affects IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru firmware.

2019-01-31 02:25:02

Security Bulletin: Vulnerability in OpenSSH affects IBM Flex System FC5022 16Gb SAN Scalable Switch (CVE-2016-6210)

2019-01-31 02:25:02

Security Bulletin: Multiple vulnerabilities in OpenSSH affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

2023-03-29 01:48:02

veracode

Information Disclosure

2019-01-15 09:20:13

centos

openssh, pam_ssh_agent_auth security update

2017-08-31 18:50:28

openssh, pam_ssh_agent_auth security update

2017-08-24 01:40:16

nvd

CVE-2016-6210

2017-02-13 17:59:00

packetstorm

OpenSSHD 7.2p2 User Enumeration

2016-07-18 00:00:00

OpenSSHD 7.2p2 User Enumeration

2016-07-21 00:00:00

fedora

[SECURITY] Fedora 24 Update: openssh-7.2p2-10.fc24

2016-07-20 17:50:40

archlinux

openssh: information leakage

2016-08-02 00:00:00

prion

Design/Logic Flaw

2017-02-13 17:59:00

cve

CVE-2016-6210

2017-02-13 17:59:00

debiancve

CVE-2016-6210

2017-02-13 17:59:00

osv

openssh - security update

2016-07-30 00:00:00

openssh - security update

2016-07-24 00:00:00

CVE-2016-6210

2017-02-13 17:59:00

redhatcve

CVE-2016-6210

2016-07-18 09:18:22

oraclelinux

openssh security update

2017-08-31 00:00:00

openssh security update

2023-08-11 00:00:00

openssh security, bug fix, and enhancement update

2017-08-07 00:00:00

alpinelinux

CVE-2016-6210

2017-02-13 17:59:00

ubuntucve

CVE-2016-6210

2016-07-18 00:00:00

paloalto

OpenSSH Vulnerability

2016-11-17 17:02:00

exploitdb

OpenSSHd 7.2p2 - Username Enumeration

2016-07-18 00:00:00

OpenSSH 7.2p2 - Username Enumeration

2016-07-20 00:00:00

freebsd

openssh -- sshd -- remote valid user discovery and PAM /bin/login attack

2016-08-01 00:00:00

slackware

[slackware-security] openssh

2016-08-06 21:10:35

ubuntu

OpenSSH vulnerabilities

2016-08-15 00:00:00

cloudfoundry

USN-3061-1 OpenSSH vulnerability | Cloud Foundry

2016-08-25 00:00:00

altlinux

Security fix for the ALT Linux 6 package openssh version 6.7p1-alt1.M60P.3

2016-10-20 00:00:00

Security fix for the ALT Linux 8 package openssh version 7.2p2-alt2

2016-10-21 00:00:00

Security fix for the ALT Linux 7 package openssh version 6.7p1-alt1.M70P.3

2016-10-20 00:00:00

mageia

Updated openssh packages fix security vulnerability

2016-08-31 18:32:33

symantec

SA136 : OpenSSH Vulnerabilities

2016-12-13 08:00:00

checkpoint_advisories

Multiple SSH Initial Connection Requests (CVE-2003-0190; CVE-2006-5229; CVE-2016-6210)

2011-03-29 00:00:00

aix

AIX OpenSSH Vulnerability

2016-09-08 14:36:37

amazon

Medium: openssh

2017-10-03 11:00:00

gentoo

OpenSSH: Multiple vulnerabilities

2016-12-07 00:00:00

rosalinux

Advisory ROSA-SA-2021-1938

2021-07-02 17:38:20

ics

Siemens SCALANCE X-200RNA Switch Devices

2022-12-19 12:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

6.5 Medium

AI Score

Confidence

High

0.107 Low

EPSS

Percentile

95.1%

JSON

Related for CVELIST:CVE-2016-6210