CVE-2016-6210
Description
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.
Risk Information
Base Score
5.9
MODERATE
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
92.487
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| secure shell (SSH) for secure access to remote machines (USN-3061-1) openssh-server_7.2p2-4ubuntu2.1_i386.deb | Linux |
| secure shell (SSH) for secure access to remote machines (USN-3061-1) openssh-server_7.2p2-4ubuntu2.1_amd64.deb | Linux |
| (RHSA-2017:2563) Moderate: openssh security update pam_ssh_agent_auth-0.9.3-123.el6_9.i686.rpm | Linux |
| (RHSA-2017:2563) Moderate: openssh security update pam_ssh_agent_auth-0.9.3-123.el6_9.x86_64.rpm | Linux |
| (RHSA-2017:2029) openssh security, bug fix, and enhancement update openssh-7.4p1-11.el7.x86_64.rpm | Linux |
| (RHSA-2017:2029) openssh security, bug fix, and enhancement update openssh-askpass-7.4p1-11.el7.x86_64.rpm | Linux |
| (RHSA-2017:2029) openssh security, bug fix, and enhancement update openssh-cavs-7.4p1-11.el7.x86_64.rpm | Linux |
| (RHSA-2017:2029) openssh security, bug fix, and enhancement update openssh-clients-7.4p1-11.el7.x86_64.rpm | Linux |
| (RHSA-2017:2029) openssh security, bug fix, and enhancement update openssh-keycat-7.4p1-11.el7.x86_64.rpm | Linux |
| (RHSA-2017:2029) openssh security, bug fix, and enhancement update openssh-ldap-7.4p1-11.el7.x86_64.rpm | Linux |
| (RHSA-2017:2029) openssh security, bug fix, and enhancement update openssh-server-7.4p1-11.el7.x86_64.rpm | Linux |
| (RHSA-2017:2029) openssh security, bug fix, and enhancement update openssh-server-sysvinit-7.4p1-11.el7.x86_64.rpm | Linux |
| (RHSA-2017:2563) openssh security update openssh-5.3p1-123.el6_9.i686.rpm | Linux |
| (RHSA-2017:2563) openssh security update openssh-5.3p1-123.el6_9.x86_64.rpm | Linux |
| (RHSA-2017:2563) openssh security update openssh-askpass-5.3p1-123.el6_9.i686.rpm | Linux |
| (RHSA-2017:2563) openssh security update openssh-askpass-5.3p1-123.el6_9.x86_64.rpm | Linux |
| (RHSA-2017:2563) openssh security update openssh-clients-5.3p1-123.el6_9.i686.rpm | Linux |
| (RHSA-2017:2563) openssh security update openssh-clients-5.3p1-123.el6_9.x86_64.rpm | Linux |
| (RHSA-2017:2563) openssh security update openssh-ldap-5.3p1-123.el6_9.i686.rpm | Linux |
| (RHSA-2017:2563) openssh security update openssh-ldap-5.3p1-123.el6_9.x86_64.rpm | Linux |
| (RHSA-2017:2563) openssh security update openssh-server-5.3p1-123.el6_9.i686.rpm | Linux |
| (RHSA-2017:2563) openssh security update openssh-server-5.3p1-123.el6_9.x86_64.rpm | Linux |
| Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6210) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234