A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses.

References

bugzilla.redhat.com/show_bug.cgi?id=1357442

nessus 30

hackerone 1

debian 3

zdt 2

redhat 2

exploitpack 2

openvas 19

fedora 1

ibm 22

archlinux 1

prion 1

cve 1

f5 1

veracode 1

packetstorm 2

centos 2

osv 3

debiancve 1

oraclelinux 3

paloalto 1

ubuntucve 1

alpinelinux 1

exploitdb 2

freebsd 1

cloudfoundry 1

slackware 1

ubuntu 1

altlinux 3

checkpoint_advisories 1

aix 1

symantec 1

mageia 1

amazon 1

gentoo 1

rosalinux 1

ics 1

nessus

Fedora 24 : openssh (2016-7440fa5ce2)

2016-07-21 00:00:00

CentOS 6 : openssh (CESA-2017:2563)

2017-09-01 00:00:00

Oracle Linux 6 : openssh (ELSA-2017-2563)

2017-09-01 00:00:00

hackerone

Nextcloud: Password authentication at newsletter.nextcloud.com discloses username list

2019-01-08 09:59:42

debian

[SECURITY] [DSA 3626-1] openssh security update

2016-07-24 09:19:18

[SECURITY] [DLA 578-1] openssh security update

2016-07-30 21:40:46

[SECURITY] [DSA 3626-1] openssh security update

2016-07-24 09:19:18

zdt

OpenSSHd 7.2p2 - Username Enumeration (2)

2016-07-20 00:00:00

OpenSSHd 7.2p2 - Username Enumeration (1)

2016-07-18 00:00:00

redhat

(RHSA-2017:2563) Moderate: openssh security update

2017-08-31 13:09:34

(RHSA-2017:2029) Moderate: openssh security, bug fix, and enhancement update

2017-08-01 05:57:17

exploitpack

OpenSSHd 7.2p2 - Username Enumeration

2016-07-18 00:00:00

OpenSSH 7.2p2 - Username Enumeration

2016-07-20 00:00:00

openvas

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2017-1190)

2020-01-23 00:00:00

CentOS Update for openssh CESA-2017:2563 centos6

2017-09-01 00:00:00

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2017-1189)

2020-01-23 00:00:00

fedora

[SECURITY] Fedora 24 Update: openssh-7.2p2-10.fc24

2016-07-20 17:50:40

ibm

Security Bulletin: Vulnerability in OpenSSH affects IBM Flex System FC5022 16Gb SAN Scalable Switch (CVE-2016-6210)

2019-01-31 02:25:02

Security Bulletin: Vulnerability in OpenSSH affects IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru firmware.

2019-01-31 02:25:02

Security Bulletin: Vulnerabilities in OpenSSH affect the IBM FlashSystem model V840

2018-06-18 00:51:30

archlinux

openssh: information leakage

2016-08-02 00:00:00

prion

Design/Logic Flaw

2017-02-13 17:59:00

cve

CVE-2016-6210

2017-02-13 17:59:00

K14845276 : OpenSSH vulnerability CVE-2016-6210

2016-12-23 00:00:00

veracode

Information Disclosure

2019-01-15 09:20:13

packetstorm

OpenSSHD 7.2p2 User Enumeration

2016-07-18 00:00:00

OpenSSHD 7.2p2 User Enumeration

2016-07-21 00:00:00

centos

openssh, pam_ssh_agent_auth security update

2017-08-31 18:50:28

openssh, pam_ssh_agent_auth security update

2017-08-24 01:40:16

osv

openssh - security update

2016-07-30 00:00:00

openssh - security update

2016-07-24 00:00:00

CVE-2016-6210

2017-02-13 17:59:00

debiancve

CVE-2016-6210

2017-02-13 17:59:00

oraclelinux

openssh security update

2017-08-31 00:00:00

openssh security update

2023-08-11 00:00:00

openssh security, bug fix, and enhancement update

2017-08-07 00:00:00

paloalto

OpenSSH Vulnerability

2016-11-17 17:02:00

ubuntucve

CVE-2016-6210

2016-07-18 00:00:00

alpinelinux

CVE-2016-6210

2017-02-13 17:59:00

exploitdb

OpenSSHd 7.2p2 - Username Enumeration

2016-07-18 00:00:00

OpenSSH 7.2p2 - Username Enumeration

2016-07-20 00:00:00

freebsd

openssh -- sshd -- remote valid user discovery and PAM /bin/login attack

2016-08-01 00:00:00

cloudfoundry

USN-3061-1 OpenSSH vulnerability | Cloud Foundry

2016-08-25 00:00:00

slackware

[slackware-security] openssh

2016-08-06 21:10:35

ubuntu

OpenSSH vulnerabilities

2016-08-15 00:00:00

altlinux

Security fix for the ALT Linux 7 package openssh version 6.7p1-alt1.M70P.3

2016-10-20 00:00:00

Security fix for the ALT Linux 8 package openssh version 7.2p2-alt2

2016-10-21 00:00:00

Security fix for the ALT Linux 6 package openssh version 6.7p1-alt1.M60P.3

2016-10-20 00:00:00

checkpoint_advisories

Multiple SSH Initial Connection Requests (CVE-2003-0190; CVE-2006-5229; CVE-2016-6210)

2011-03-29 00:00:00

aix

AIX OpenSSH Vulnerability

2016-09-08 14:36:37

symantec

SA136 : OpenSSH Vulnerabilities

2016-12-13 08:00:00

mageia

Updated openssh packages fix security vulnerability

2016-08-31 18:32:33

amazon

Medium: openssh

2017-10-03 11:00:00

gentoo

OpenSSH: Multiple vulnerabilities

2016-12-07 00:00:00

rosalinux

Advisory ROSA-SA-2021-1938

2021-07-02 17:38:20

ics

Siemens SCALANCE X-200RNA Switch Devices

2022-12-19 12:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

JSON

Related for RH:CVE-2016-6210