CVSS3: 5.9 Medium
  Attack Vector: NETWORK
  Attack Complexity: HIGH
  Privileges Required: NONE
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: NONE
  Availability Impact: NONE
  CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS2: 4.3 Medium
  Access Vector: NETWORK
  Access Complexity: MEDIUM
  Authentication: NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact: NONE
  Availability Impact: NONE
  AV:N/AC:M/Au:N/C:P/I:N/A:N

EPSS: 0.107 Low
  Percentile: 94.2%

summary:
A vulnerability classified as problematic has been found in OpenSSH 7.2p2. Affected is an unknown function of the component Authentication. The manipulation of the argument Password with an unknown input leads to an information disclosure vulnerability (Username). CWE classifies the issue as CWE-200. This has an impact on confidentiality.
The weakness was disclosed on 07/14/2016 by Eddie Harari as "opensshd - user enumeration" in a confirmed mailing list post (Full-Disclosure). The advisory is available at seclists.org. The vendor was not involved in the coordination of the public release. This vulnerability has been tracked as CVE-2016-6210 since 07/13/2016. The attack can be launched remotely. Exploitation doesn't require any form of authentication. Technical details and a public exploit are known.
POC
Download POC.py and run the following command. (You can try with any word list or just use some random names like I did.)
OUTPUT:
[screenshot: POC.png]
In this case, a user whose time is < 0.04717744470807732 is a non-existing user.
I tried with a small username list for the POC; an attacker will use a big list like rockyou.txt, which is on Kali Linux by default.
The vulnerability allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.
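On the defending side, the same activity shows up in the sshd auth log as one source failing logins for many different usernames in a short time. The following detector is an added example, not part of the original README or POC.py; the log lines, the threshold of 5 usernames and the 1-minute window are constructed assumptions, and since sshd does not log password length the check keys on distinct usernames per source.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log lines (documentation IPs, made-up users).
SAMPLE_LOG = """\
Jul 14 10:00:01 host sshd[1001]: Failed password for invalid user alice from 192.0.2.10 port 40001 ssh2
Jul 14 10:00:03 host sshd[1002]: Failed password for invalid user bob from 192.0.2.10 port 40002 ssh2
Jul 14 10:00:05 host sshd[1003]: Failed password for root from 192.0.2.10 port 40003 ssh2
Jul 14 10:00:07 host sshd[1004]: Failed password for invalid user carol from 192.0.2.10 port 40004 ssh2
Jul 14 10:00:09 host sshd[1005]: Failed password for invalid user dave from 192.0.2.10 port 40005 ssh2
Jul 14 10:05:00 host sshd[1010]: Failed password for erin from 198.51.100.7 port 50000 ssh2
Jul 14 10:05:20 host sshd[1011]: Failed password for erin from 198.51.100.7 port 50001 ssh2
Jul 14 10:05:41 host sshd[1012]: Accepted password for erin from 198.51.100.7 port 50002 ssh2
"""

# sshd logs failures for both existing and "invalid user" accounts.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def find_enumeration(lines, min_users=5, window=timedelta(minutes=1), year=2016):
    """Map source IP -> usernames tried, for sources that failed logins for
    at least min_users distinct usernames inside one sliding time window."""
    events = defaultdict(list)  # ip -> [(timestamp, username)]
    for line in lines:
        m = FAILED.match(line)
        if m:
            # syslog timestamps carry no year, so the caller supplies one
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events[m["ip"]].append((ts, m["user"]))
    flagged = {}
    for ip, seen in events.items():
        seen.sort()
        start = 0
        for end in range(len(seen)):
            while seen[end][0] - seen[start][0] > window:
                start += 1  # drop events that fell out of the window
            if len({user for _, user in seen[start:end + 1]}) >= min_users:
                flagged[ip] = sorted({user for _, user in seen})
                break
    return flagged

if __name__ == "__main__":
    print(find_enumeration(SAMPLE_LOG.splitlines()))
```

A user retrying their own password (the 198.51.100.7 lines) stays below the threshold because only one distinct username is involved.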