sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.

References

seclists.org/fulldisclosure/2016/Jul/51

www.debian.org/security/2016/dsa-3626

www.securityfocus.com/bid/91812

www.securitytracker.com/id/1036319

access.redhat.com/errata/RHSA-2017:2029

access.redhat.com/errata/RHSA-2017:2563

cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

security.gentoo.org/glsa/201612-18

security.netapp.com/advisory/ntap-20190206-0001/

www.exploit-db.com/exploits/40113/

www.exploit-db.com/exploits/40136/

www.openssh.com/txt/release-7.3

f5 1

centos 2

openvas 19

nessus 32

nvd 1

veracode 1

ibm 22

packetstorm 2

debian 3

redhat 2

hackerone 1

exploitpack 2

zdt 2

oraclelinux 3

alpinelinux 1

paloalto 1

osv 3

ubuntucve 1

prion 1

fedora 1

archlinux 1

cve 1

redhatcve 1

debiancve 1

exploitdb 2

freebsd 1

ubuntu 1

slackware 1

cloudfoundry 1

symantec 1

mageia 1

altlinux 3

checkpoint_advisories 1

aix 1

amazon 1

gentoo 1

rosalinux 1

ics 1

K14845276 : OpenSSH vulnerability CVE-2016-6210

2016-12-23 00:00:00

centos

openssh, pam_ssh_agent_auth security update

2017-08-31 18:50:28

openssh, pam_ssh_agent_auth security update

2017-08-24 01:40:16

openvas

RedHat Update for openssh RHSA-2017:2563-01

2017-09-01 00:00:00

Debian: Security Advisory (DLA-578-1)

2023-03-08 00:00:00

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2017-1190)

2020-01-23 00:00:00

nessus

EulerOS 2.0 SP1 : openssh (EulerOS-SA-2017-1189)

2017-09-08 00:00:00

Debian DLA-578-1 : openssh security update

2016-08-01 00:00:00

Debian DSA-3626-1 : openssh - security update

2016-07-25 00:00:00

nvd

CVE-2016-6210

2017-02-13 17:59:00

veracode

Information Disclosure

2019-01-15 09:20:13

ibm

Security Bulletin: Vulnerability in OpenSSH affects IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru firmware.

2019-01-31 02:25:02

Security Bulletin: Vulnerability in OpenSSH affects IBM Flex System FC5022 16Gb SAN Scalable Switch (CVE-2016-6210)

2019-01-31 02:25:02

Security Bulletin: Vulnerabilities in OpenSSH affect the IBM FlashSystem model V840

2018-06-18 00:51:30

packetstorm

OpenSSHD 7.2p2 User Enumeration

2016-07-18 00:00:00

OpenSSHD 7.2p2 User Enumeration

2016-07-21 00:00:00

debian

[SECURITY] [DSA 3626-1] openssh security update

2016-07-24 09:19:18

[SECURITY] [DLA 578-1] openssh security update

2016-07-30 21:40:46

[SECURITY] [DSA 3626-1] openssh security update

2016-07-24 09:19:18

redhat

(RHSA-2017:2563) Moderate: openssh security update

2017-08-31 13:09:34

(RHSA-2017:2029) Moderate: openssh security, bug fix, and enhancement update

2017-08-01 05:57:17

hackerone

Nextcloud: Password authentication at newsletter.nextcloud.com discloses username list

2019-01-08 09:59:42

exploitpack

OpenSSHd 7.2p2 - Username Enumeration

2016-07-18 00:00:00

OpenSSH 7.2p2 - Username Enumeration

2016-07-20 00:00:00

zdt

OpenSSHd 7.2p2 - Username Enumeration (2)

2016-07-20 00:00:00

OpenSSHd 7.2p2 - Username Enumeration (1)

2016-07-18 00:00:00

oraclelinux

openssh security update

2017-08-31 00:00:00

openssh security update

2023-08-11 00:00:00

openssh security, bug fix, and enhancement update

2017-08-07 00:00:00

alpinelinux

CVE-2016-6210

2017-02-13 17:59:00

paloalto

OpenSSH Vulnerability

2016-11-17 17:02:00

osv

CVE-2016-6210

2017-02-13 17:59:00

openssh - security update

2016-07-24 00:00:00

openssh - security update

2016-07-30 00:00:00

ubuntucve

CVE-2016-6210

2016-07-18 00:00:00

prion

Design/Logic Flaw

2017-02-13 17:59:00

fedora

[SECURITY] Fedora 24 Update: openssh-7.2p2-10.fc24

2016-07-20 17:50:40

archlinux

openssh: information leakage

2016-08-02 00:00:00

cve

CVE-2016-6210

2017-02-13 17:59:00

redhatcve

CVE-2016-6210

2016-07-18 09:18:22

debiancve

CVE-2016-6210

2017-02-13 17:59:00

exploitdb

OpenSSHd 7.2p2 - Username Enumeration

2016-07-18 00:00:00

OpenSSH 7.2p2 - Username Enumeration

2016-07-20 00:00:00

freebsd

openssh -- sshd -- remote valid user discovery and PAM /bin/login attack

2016-08-01 00:00:00

ubuntu

OpenSSH vulnerabilities

2016-08-15 00:00:00

slackware

[slackware-security] openssh

2016-08-06 21:10:35

cloudfoundry

USN-3061-1 OpenSSH vulnerability | Cloud Foundry

2016-08-25 00:00:00

symantec

SA136 : OpenSSH Vulnerabilities

2016-12-13 08:00:00

mageia

Updated openssh packages fix security vulnerability

2016-08-31 18:32:33

altlinux

Security fix for the ALT Linux 6 package openssh version 6.7p1-alt1.M60P.3

2016-10-20 00:00:00

Security fix for the ALT Linux 8 package openssh version 7.2p2-alt2

2016-10-21 00:00:00

Security fix for the ALT Linux 7 package openssh version 6.7p1-alt1.M70P.3

2016-10-20 00:00:00

checkpoint_advisories

Multiple SSH Initial Connection Requests (CVE-2003-0190; CVE-2006-5229; CVE-2016-6210)

2011-03-29 00:00:00

aix

AIX OpenSSH Vulnerability

2016-09-08 14:36:37

amazon

Medium: openssh

2017-10-03 11:00:00

gentoo

OpenSSH: Multiple vulnerabilities

2016-12-07 00:00:00

rosalinux

Advisory ROSA-SA-2021-1938

2021-07-02 17:38:20

ics

Siemens SCALANCE X-200RNA Switch Devices

2022-12-19 12:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

6.5 Medium

AI Score

Confidence

High

0.107 Low

EPSS

Percentile

95.1%

JSON

Related for CVELIST:CVE-2016-6210