CVE-2016-6210

Summary

CVE	CVE-2016-6210
State	PUBLISHED
Assigner	mitre
Source Priority	CVE Program / NVD first with legacy fallback
Published	2017-02-13 17:59:00 UTC
Updated	2026-05-29 21:16:29 UTC
Description	sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.

Risk And Classification

Primary CVSS: v3.1 5.9 MEDIUM from ADP

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.900460000 probability, percentile 0.996000000 (date 2026-06-01)

Problem Types: CWE-200 | n/a | CWE-200 CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Version	Source	Type	Score	Severity	Vector
3.1	ADP	DECLARED	5.9	MEDIUM	`CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N`
3.1	134c704f-9b21-4f2e-91b3-4a467353bcc0	Secondary	5.9	MEDIUM	`CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N`
3.0	[email protected]	Primary	5.9	MEDIUM	`CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N`
2.0	[email protected]	Primary	4.3		`AV:N/AC:M/Au:N/C:P/I:N/A:N`

CVSS v3.1 Breakdown

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v3.0 Breakdown

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2.0 Breakdown

Access Vector

Network

Access Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

AV:N/AC:M/Au:N/C:P/I:N/A:N

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Openbsd	Openssh	All	p2	All	All

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	Na	N/a	affected n/a	Not specified

References

Reference	Source	Link	Tags
Red Hat Customer Portal	af854a3a-2127-422b-91ae-364da2661108	access.redhat.com
Full Disclosure: opensshd - user enumeration	af854a3a-2127-422b-91ae-364da2661108	seclists.org	Mailing List, Third Party Advisory
OpenSSH CVE-2016-6210 User Enumeration Vulnerability	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com	Third Party Advisory, VDB Entry
OpenSSHd 7.2p2 - Username Enumeration (PoC)	af854a3a-2127-422b-91ae-364da2661108	www.exploit-db.com
Red Hat Customer Portal	af854a3a-2127-422b-91ae-364da2661108	access.redhat.com
Debian -- Security Information -- DSA-3626-1 openssh	af854a3a-2127-422b-91ae-364da2661108	www.debian.org
Exploit – Page 40136 – Exploits Database	af854a3a-2127-422b-91ae-364da2661108	www.exploit-db.com
CVE-2016-6210 OpenSSH Vulnerability in NetApp Products \| NetApp Product Security	af854a3a-2127-422b-91ae-364da2661108	security.netapp.com
www.openssh.com/txt/release-7.3	af854a3a-2127-422b-91ae-364da2661108	www.openssh.com	Release Notes, Vendor Advisory
cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf	af854a3a-2127-422b-91ae-364da2661108	cert-portal.siemens.com
OpenSSH: Multiple vulnerabilities (GLSA 201612-18) — Gentoo security	af854a3a-2127-422b-91ae-364da2661108	security.gentoo.org
OpenSSH Lets Remote Users Determine Valid Usernames on the Target System - SecurityTracker	af854a3a-2127-422b-91ae-364da2661108	www.securitytracker.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

160867 Oracle Enterprise Linux Security Update for openssh (ELSA-2023-4428)
38907 OpenSSH User Enumeration Vulnerability (CVE-2016-6210)
390278 Oracle Managed Virtualization (VM) Server for x86 Security Update for openssh (OVMSA-2023-0019)
591280 Siemens SCALANCE X-200RNA Switch Devices Denial of Service (DoS) Multiple Vulnerabilities (ICSA-22-349-21, SSA-412672)