Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2016-6210

Published: 13/02/2017 Updated: 13/12/2022
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 442
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

sshd in OpenSSH prior to 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote malicious users to enumerate users by leveraging the timing difference between responses when a large password is provided.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

openbsd openssh

Vendor Advisories

Debian CVElist Bug Report Logs: openssh: CVE-2016-6210: User enumeration via covert timing channel
Debian Bug report logs - #831902 openssh: CVE-2016-6210: User enumeration via covert timing channel Package: src:openssh; Maintainer for src:openssh is Debian OpenSSH Maintainers <debian-ssh@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 20 Jul 2016 17:27:01 UTC Severity: importan ...
Ubuntu Security Notice: openssh vulnerabilities
Several security issues were fixed in OpenSSH ...
Debian Security Advisories: DSA-3626-1 openssh -- security update
Eddie Harari reported that the OpenSSH SSH daemon allows user enumeration through timing differences when trying to authenticate users When sshd tries to authenticate a non-existing user, it will pick up a fixed fake password structure with a hash based on the Blowfish algorithm If real users passwords are hashed using SHA256/SHA512, then a remot ...
Amazon Linux AMI: ALAS-2017-898
A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses (CVE-2016-6210) It was found that OpenSSH did not limit password lengths for password authentication A remo ...
Red Hat: CVE-2016-6210
A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses ...

ICS Advisories

Siemens SCALANCE X-200RNA Switch Devices

Exploits

Exploit DB: OpenSSH 7.2p2 - Username Enumeration
#!/usr/bin/python # # CVEs: CVE-2016-6210 (Credits for this go to Eddie Harari) # # Author: 0_o -- null_null # nu11nu11 [at] yahoocom # Oh, and it is n-u-one-onen-u-one-one, no l's # Wonder how the guys at packet storm could get this wrong :( ...
Exploit DB: OpenSSHd 7.2p2 - Username Enumeration
Source: seclistsorg/fulldisclosure/2016/Jul/51 -------------------------------------------------------------------- User Enumeration using Open SSHD (<=Latest version) ------------------------------------------------------------------- Abstract: ----------- By sending large passwords, a remote user can enumerate users on system that r ...
Exploit DB: OpenSSHD 7.2p2 User Enumeration
OpenSSHD versions 72p2 and below remote username enumeration exploit ...
Exploit DB: OpenSSHD 7.2p2 User Enumeration
OpenSSHD versions 72p2 and below user enumeration exploit ...

Github Repositories

https://github.com/justlce/CVE-2016-6210-Exploit

OpenSSH Username Enumeration - CVE-2016-6210

This is the first version of the "weaponized" exploit for CVE-2016-6210 Background: Posted by Eddie Harari on Full Disclosure seclistsorg/fulldisclosure/2016/Jul/51 The brief: By sending large passwords, a remote user can enumerate users on system that runs SSHD This problem exists in most modern configuration due to the fact that it takes much longer to cal

https://github.com/sash3939/IS_Vulnerabilities_attacks

Домашнее задание к занятию «Уязвимости и атаки на информационные системы» Задание 1 Скачайте и установите виртуальную машину Metasploitable: sourceforgenet/projects/metasploitable/ Это типовая ОС для экспериментов в обл

https://github.com/calebshortt/opensshd_user_enumeration

OpenSSHD 7.2p2 - User Enumeration: CVE 2016-6210

OpenSSHD User Enumeration A simple script that takes advantage of OpenSSHD 72p2 - User Enumeration: CVE 2016-6210 Can take a list of usernames and try them against a server -- looks to find users in the system Built from the sample code specified at wwwexploit-dbcom/exploits/40113/ Usage python opensshdpy [-h] [-u --userlist USERLIST_FILE] target_ip Results [att

https://github.com/bassitone/OpenSSH-User-Enumeration

Attempts to leverage CVE 2016-6210 to enumerate valid users on a given OpenSSH server. All credit to Eddie Harari on the list for disclosure and initial PoC - I'm just making it work in cases where you have a bunch (dozens/hundreds) of servers to test ASAP.

OpenSSH-User-Enumeration Attempts to leverage CVE 2016-6210 to enumerate valid users on a given OpenSSH server All credit to Eddie Harari on the list for disclosure and initial PoC - I'm just making it work in cases where you have a bunch (dozens/hundreds) of servers to test ASAP Inputs: userstxt, IPv4_targetstxt Output: outputtxt

https://github.com/Tardcircus/CVE2016-6210

CVE 2016-6210 OpenSSH 7.2p2 Time response vulnerability to enumerate usernames

CVE2016-6210 CVE 2016-6210 OpenSSH 72p2 Time response vulnerability to enumerate usernames Description A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses This tool was created to take adva

https://github.com/sh4rknado/SSH-ULTIMATE

SSH-ULTIMATE EXPLOIT

SSH-ULTIMATE SSH-ULTIMATE EXPLOIT Infos SSH-ULTMATE EXPLOIT | CVE | Exploit Type | Requirements | | ------------- | --------------- | -------------- | | CVE-2016-6210 | REMOTLY | requiremttxt | | | | | | | | | SSH-ENUMERATION

https://github.com/goomdan/CVE-2016-6210-exploit

Custom exploit written for enumerating usernames as per CVE-2016-6210

CVE-2016-6210-exploit Custom exploit written for enumerating usernames as per CVE-2016-6210 (OpenSSH 72-p2 & prior) ONLY USE THIS CODE ON SYSTEMS IN WHICH YOU ARE AUTHORISED TO DO THIS ON DESCRIPTION I wrote this program as a tool to exploit CVE-2016-6210, which is a vulnerability in OpenSSH (before version 73) disclosed by Eddie Harari From what I understand, the pro

References

CWE-200https://www.openssh.com/txt/release-7.3http://seclists.org/fulldisclosure/2016/Jul/51http://www.securityfocus.com/bid/91812https://security.gentoo.org/glsa/201612-18http://www.securitytracker.com/id/1036319https://www.exploit-db.com/exploits/40136/https://www.exploit-db.com/exploits/40113/http://www.debian.org/security/2016/dsa-3626https://access.redhat.com/errata/RHSA-2017:2563https://access.redhat.com/errata/RHSA-2017:2029https://security.netapp.com/advisory/ntap-20190206-0001/https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdfhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=831902https://nvd.nist.govhttps://usn.ubuntu.com/3061-1/https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21https://www.exploit-db.com/exploits/40136/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middlecommand injectionCVE-2021-47511CVE-2024-26238CVE-2024-4858CVE-2024-21305XXECVE-2021-47555CVE-2021-47526
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook