CVE-2016-6210 is a vulnerability in OpenBSD OpenSSH
Published on February 13, 2017

sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2016-6210

Want to know whenever a new CVE is published for OpenBSD OpenSSH? stack.watch will email you.

OpenBSD OpenSSH

Exploit Probability

EPSS

92.49%

Percentile

99.73%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2016-6210 is a vulnerability in OpenBSD OpenSSHPublished on February 13, 2017

Products Associated with CVE-2016-6210

Exploit Probability

CVE-2016-6210 is a vulnerability in OpenBSD OpenSSH
Published on February 13, 2017