CVE-2016-6210
OpenSSH 7.2p2 - Username Enumeration
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
5Exploited in Wild
-Decision
Descriptions
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.
sshd en OpenSSH en versiones anteriores a 7.3, cuando SHA256 o SHA512 son utilizados para el hashing de la contraseña del usuario, utiliza BLOWFISH hashing en una contraseña estática cuando no existe el nombre de usuario, lo que permite a atacantes remotos enumerar usuarios aprovechando la diferencia de tiempo entre respuestas cuando se proporciona una contraseña grande.
A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-07-13 CVE Reserved
- 2016-07-18 CVE Published
- 2019-08-25 First Exploit
- 2024-08-06 CVE Updated
- 2024-08-28 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-385: Covert Timing Channel
CAPEC
References (19)
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/40136 | 2024-08-06 | |
https://www.exploit-db.com/exploits/40113 | 2024-08-06 | |
https://github.com/justlce/CVE-2016-6210-Exploit | 2019-08-25 | |
https://github.com/goomdan/CVE-2016-6210-exploit | 2024-03-23 | |
https://github.com/samh4cks/CVE-2016-6210-OpenSSH-User-Enumeration | 2023-09-01 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://www.debian.org/security/2016/dsa-3626 | 2022-12-13 | |
https://access.redhat.com/errata/RHSA-2017:2029 | 2022-12-13 | |
https://access.redhat.com/errata/RHSA-2017:2563 | 2022-12-13 | |
https://security.gentoo.org/glsa/201612-18 | 2022-12-13 | |
https://www.openssh.com/txt/release-7.3 | 2022-12-13 | |
https://access.redhat.com/security/cve/CVE-2016-6210 | 2017-08-31 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1357442 | 2017-08-31 |