Vulnerability Data

by Reconmap

CVE-2016-6210

sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.

Published at
2017-02-13T17:59Z
2652 days ago
Modified
2022-12-13T12:15Z
523 days ago
CWE-200
Problem type

Impact

CVSS v3 vector string
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Severity Score Vector

5.9CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

References


URLType
www.openssh.com
https://www.openssh.com/txt/release-7.3		CONFIRM
20160714 opensshd - user enumeration
http://seclists.org/fulldisclosure/2016/Jul/51		FULLDISC
91812
http://www.securityfocus.com/bid/91812		BID
GLSA-201612-18
https://security.gentoo.org/glsa/201612-18		GENTOO
1036319
http://www.securitytracker.com/id/1036319		SECTRACK
40136
https://www.exploit-db.com/exploits/40136/		EXPLOIT-DB
40113
https://www.exploit-db.com/exploits/40113/		EXPLOIT-DB
DSA-3626
http://www.debian.org/security/2016/dsa-3626		DEBIAN
RHSA-2017:2563
https://access.redhat.com/errata/RHSA-2017:2563		REDHAT
RHSA-2017:2029
https://access.redhat.com/errata/RHSA-2017:2029		REDHAT
security.netapp.com
https://security.netapp.com/advisory/ntap-20190206-0001/		CONFIRM
cert-portal.siemens.com
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf		CONFIRM

GET https://vulnerabilitydata.com/api/details/CVE-2016-6210

{
	"id": "CVE-2016-6210",
	"published_date": "2017-02-13T17:59Z",
	"last_modified_date": "2022-12-13T12:15Z",
	"assigner": "cve@mitre.org",
	"description": "sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.",
	"references": [
		{
			"url": "https://www.openssh.com/txt/release-7.3",
			"name": "https://www.openssh.com/txt/release-7.3",
			"refsource": "CONFIRM",
			"tags": [
				"Release Notes",
				"Vendor Advisory"
			]
		},
		{
			"url": "http://seclists.org/fulldisclosure/2016/Jul/51",
			"name": "20160714 opensshd - user enumeration",
			"refsource": "FULLDISC",
			"tags": [
				"Mailing List",
				"Third Party Advisory"
			]
		},
		{
			"url": "http://www.securityfocus.com/bid/91812",
			"name": "91812",
			"refsource": "BID",
			"tags": [
				"VDB Entry",
				"Third Party Advisory"
			]
		},
		{
			"url": "https://security.gentoo.org/glsa/201612-18",
			"name": "GLSA-201612-18",
			"refsource": "GENTOO",
			"tags": []
		},
		{
			"url": "http://www.securitytracker.com/id/1036319",
			"name": "1036319",
			"refsource": "SECTRACK",
			"tags": []
		},
		{
			"url": "https://www.exploit-db.com/exploits/40136/",
			"name": "40136",
			"refsource": "EXPLOIT-DB",
			"tags": []
		},
		{
			"url": "https://www.exploit-db.com/exploits/40113/",
			"name": "40113",
			"refsource": "EXPLOIT-DB",
			"tags": []
		},
		{
			"url": "http://www.debian.org/security/2016/dsa-3626",
			"name": "DSA-3626",
			"refsource": "DEBIAN",
			"tags": []
		},
		{
			"url": "https://access.redhat.com/errata/RHSA-2017:2563",
			"name": "RHSA-2017:2563",
			"refsource": "REDHAT",
			"tags": []
		},
		{
			"url": "https://access.redhat.com/errata/RHSA-2017:2029",
			"name": "RHSA-2017:2029",
			"refsource": "REDHAT",
			"tags": []
		},
		{
			"url": "https://security.netapp.com/advisory/ntap-20190206-0001/",
			"name": "https://security.netapp.com/advisory/ntap-20190206-0001/",
			"refsource": "CONFIRM",
			"tags": []
		},
		{
			"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
			"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
			"refsource": "CONFIRM",
			"tags": []
		}
	],
	"impact": {
		"baseMetricV3": {
			"cvssV3": {
				"version": "3.0",
				"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
				"attackVector": "NETWORK",
				"attackComplexity": "HIGH",
				"privilegesRequired": "NONE",
				"userInteraction": "NONE",
				"scope": "UNCHANGED",
				"confidentialityImpact": "HIGH",
				"integrityImpact": "NONE",
				"availabilityImpact": "NONE",
				"baseScore": 5.9,
				"baseSeverity": "MEDIUM"
			},
			"exploitabilityScore": 2.2,
			"impactScore": 3.6
		},
		"baseMetricV2": {
			"cvssV2": {
				"version": "2.0",
				"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
				"accessVector": "NETWORK",
				"accessComplexity": "MEDIUM",
				"authentication": "NONE",
				"confidentialityImpact": "PARTIAL",
				"integrityImpact": "NONE",
				"availabilityImpact": "NONE",
				"baseScore": 4.3
			},
			"severity": "MEDIUM",
			"exploitabilityScore": 8.6,
			"impactScore": 2.9,
			"obtainAllPrivilege": false,
			"obtainUserPrivilege": false,
			"obtainOtherPrivilege": false,
			"userInteractionRequired": false
		}
	},
	"problem_type": "CWE-200"
}