cbcvebase.
CVE-2016-6210
published 2017-02-13

CVE-2016-6210: sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not…

PriorityP267medium5.9CVSS 3.1
AVNACHPRNUINSUCHINAN
EXPLOIT
EPSS
88.94%
99.8th percentile
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.

Affected

10 ranges
VendorProductVersion rangeFixed in
debianopenssh< openssh 1:7.2p2-6 (bookworm)openssh 1:7.2p2-6 (bookworm)
msrcazl3_openssh_9.8p1-4_on_azure_linux_3.0
openbsdopenssh<= 7.2
openbsdopenssh>= 0 < 1:7.2p2-61:7.2p2-6
openbsdopenssh>= 0 < 1:7.2p2-61:7.2p2-6
openbsdopenssh>= 0 < 1:7.2p2-61:7.2p2-6
openbsdopenssh>= 0 < 1:7.2p2-61:7.2p2-6
openbsdopenssh>= 0 < 1:6.6p1-2ubuntu2.81:6.6p1-2ubuntu2.8
openbsdopenssh>= 0 < 1:7.2p2-4ubuntu2.11:7.2p2-4ubuntu2.1
paloaltopan-os

Detection & IOCsextracted from sources · hover to see the quote

commandssh.connect('127.0.0.1', username=user, password='A'*25000)
commandp = 'B' * int(args.bytes) [default 50000 bytes password sent to SSH daemon]
yara
regex: '(?i)SSH-(.*)-OpenSSH_[^\r]+'
  • Timing-based user enumeration: valid users (with SHA256/SHA512 hashed passwords) take significantly longer to respond than non-existing users (hashed with BLOWFISH) when a large password (~10KB–50KB) is sent. Monitor for repeated SSH authentication attempts using abnormally large passwords.
  • The exploit sends a large password (default 50,000 bytes of 'B') over SSH to measure timing differences. Detect SSH authentication attempts with unusually large password payloads as an indicator of CVE-2016-6210 exploitation.
  • The exploit uses a non-existent baseline username 'foobar-bleh-nonsense' + index to establish timing baseline. Repeated SSH login attempts with usernames matching this pattern indicate active enumeration.
  • The exploit also uses 'invalidinvalidinvalid' as a probe username to retrieve the SSH banner. SSH auth attempts with this exact username may indicate reconnaissance.
  • Invalid users were logged by OpenSSH while valid users were not during timing-based enumeration. Absence of failed-login log entries for tested usernames combined with slower response times can indicate valid user discovery.
  • If SSHD configuration prohibits root login, root is not considered a valid user in this timing attack context. Adjust enumeration detection logic accordingly.
  • When TCP timestamp option is enabled, use TCP packet timestamps from the server to measure timing differences, as this eliminates network delay noise — defenders should monitor for clients correlating TCP timestamps with SSH auth responses.
  • ·The vulnerability only manifests when real user passwords are hashed with SHA256 or SHA512. Systems using BLOWFISH for all users are not affected by the timing differential.
  • ·Root is not enumerable via this technique if PermitRootLogin is disabled in sshd_config, as root is then treated as an invalid user.
  • ·The Metasploit module also supports a malformed SSH_MSG_USERAUTH_REQUEST packet method (public key auth must be enabled) in addition to the timing attack method.

CVSS provenance

nvdv3.15.9MEDIUMCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv3.05.9MEDIUMCVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:P/I:N/A:N
osv5.9MEDIUM
vendor_debian5.9MEDIUM
vendor_msrc5.9MEDIUM
vendor_redhat5.9MEDIUM
vendor_ubuntu5.9MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.