CVE-2016-6210

Published on: 02/13/2017 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:12 PM UTC

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Certain versions of OpenSSH from OpenBSD contain the following vulnerability:

sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.

  • CVE-2016-6210 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.

CVSS3 Score: 5.9 - MEDIUM

  • Attack Vector: NETWORK
  • Attack Complexity: HIGH
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: NONE
  • Availability Impact: NONE

CVSS2 Score: 4.3 - MEDIUM

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE

CVE References

  • OpenSSHd 7.2p2 - Username Enumeration (PoC). Tags: Proof of Concept. Link: www.exploit-db.com (text/html). Reference: EXPLOIT-DB 40113
  • Exploit – Page 40136 – Exploits Database. Tags: Proof of Concept. Link: www.exploit-db.com (text/html). Reference: EXPLOIT-DB 40136
  • OpenSSH CVE-2016-6210 User Enumeration Vulnerability. Tags: Third Party Advisory, VDB Entry. Link: cve.report (archive) (text/html). Reference: BID 91812
  • OpenSSH Lets Remote Users Determine Valid Usernames on the Target System - SecurityTracker. Link: www.securitytracker.com (text/html). Reference: SECTRACK 1036319
  • Tags: Release Notes, Vendor Advisory. Link: www.openssh.com (text/plain). Reference: CONFIRM www.openssh.com/txt/release-7.3
  • OpenSSH: Multiple vulnerabilities (GLSA 201612-18) — Gentoo security. Link: security.gentoo.org (text/html). Reference: GENTOO GLSA-201612-18
  • Red Hat Customer Portal. Link: access.redhat.com (text/html). Reference: REDHAT RHSA-2017:2563
  • Debian -- Security Information -- DSA-3626-1 openssh. Tags: Depreciated Link. Link: www.debian.org (text/html). Reference: DEBIAN DSA-3626
  • CVE-2016-6210 OpenSSH Vulnerability in NetApp Products | NetApp Product Security. Link: security.netapp.com (text/html). Reference: CONFIRM security.netapp.com/advisory/ntap-20190206-0001/
  • Full Disclosure: opensshd - user enumeration. Tags: Mailing List, Third Party Advisory. Link: seclists.org (text/html). Reference: FULLDISC 20160714 opensshd - user enumeration
  • Red Hat Customer Portal. Link: access.redhat.com (text/html). Reference: REDHAT RHSA-2017:2029

Exploit/POC from GitHub

Attempts to leverage CVE 2016-6210 to enumerate valid users on a given OpenSSH server. All credit to Eddie Harari on …

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
Application Openbsd Openssh All p2 All All
  • cpe:2.3:a:openbsd:openssh:*:p2:*:*:*:*:*:*: