CVE-2016-6210
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.
Published at
2017-02-13T17:59Z
2652 days ago
Modified
2022-12-13T12:15Z
523 days ago
CWE-200
Problem type
Impact
- CVSS v3 vector string
- CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Severity Score Vector
5.9CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NReferences
URL | Type |
---|---|
www.openssh.com https://www.openssh.com/txt/release-7.3 | CONFIRM |
20160714 opensshd - user enumeration http://seclists.org/fulldisclosure/2016/Jul/51 | FULLDISC |
91812 http://www.securityfocus.com/bid/91812 | BID |
GLSA-201612-18 https://security.gentoo.org/glsa/201612-18 | GENTOO |
1036319 http://www.securitytracker.com/id/1036319 | SECTRACK |
40136 https://www.exploit-db.com/exploits/40136/ | EXPLOIT-DB |
40113 https://www.exploit-db.com/exploits/40113/ | EXPLOIT-DB |
DSA-3626 http://www.debian.org/security/2016/dsa-3626 | DEBIAN |
RHSA-2017:2563 https://access.redhat.com/errata/RHSA-2017:2563 | REDHAT |
RHSA-2017:2029 https://access.redhat.com/errata/RHSA-2017:2029 | REDHAT |
security.netapp.com https://security.netapp.com/advisory/ntap-20190206-0001/ | CONFIRM |
cert-portal.siemens.com https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf | CONFIRM |
GET https://vulnerabilitydata.com/api/details/CVE-2016-6210
{ "id": "CVE-2016-6210", "published_date": "2017-02-13T17:59Z", "last_modified_date": "2022-12-13T12:15Z", "assigner": "cve@mitre.org", "description": "sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.", "references": [ { "url": "https://www.openssh.com/txt/release-7.3", "name": "https://www.openssh.com/txt/release-7.3", "refsource": "CONFIRM", "tags": [ "Release Notes", "Vendor Advisory" ] }, { "url": "http://seclists.org/fulldisclosure/2016/Jul/51", "name": "20160714 opensshd - user enumeration", "refsource": "FULLDISC", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "http://www.securityfocus.com/bid/91812", "name": "91812", "refsource": "BID", "tags": [ "VDB Entry", "Third Party Advisory" ] }, { "url": "https://security.gentoo.org/glsa/201612-18", "name": "GLSA-201612-18", "refsource": "GENTOO", "tags": [] }, { "url": "http://www.securitytracker.com/id/1036319", "name": "1036319", "refsource": "SECTRACK", "tags": [] }, { "url": "https://www.exploit-db.com/exploits/40136/", "name": "40136", "refsource": "EXPLOIT-DB", "tags": [] }, { "url": "https://www.exploit-db.com/exploits/40113/", "name": "40113", "refsource": "EXPLOIT-DB", "tags": [] }, { "url": "http://www.debian.org/security/2016/dsa-3626", "name": "DSA-3626", "refsource": "DEBIAN", "tags": [] }, { "url": "https://access.redhat.com/errata/RHSA-2017:2563", "name": "RHSA-2017:2563", "refsource": "REDHAT", "tags": [] }, { "url": "https://access.redhat.com/errata/RHSA-2017:2029", "name": "RHSA-2017:2029", "refsource": "REDHAT", "tags": [] }, { "url": "https://security.netapp.com/advisory/ntap-20190206-0001/", "name": "https://security.netapp.com/advisory/ntap-20190206-0001/", "refsource": "CONFIRM", "tags": [] }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", "refsource": "CONFIRM", "tags": [] } ], "impact": { "baseMetricV3": { "cvssV3": { "version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 2.2, "impactScore": 3.6 }, "baseMetricV2": { "cvssV2": { "version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3 }, "severity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } }, "problem_type": "CWE-200" }