CVE-2016-6210
Published 2017-02-13
Priority: P267 · medium · CVSS 3.1: 5.9
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 88.94% (99.8th percentile)
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openssh | < openssh 1:7.2p2-6 (bookworm) | openssh 1:7.2p2-6 (bookworm) |
| msrc | azl3_openssh_9.8p1-4_on_azure_linux_3.0 | — | — |
| openbsd | openssh | <= 7.2 | — |
| openbsd | openssh | >= 0 < 1:7.2p2-6 | 1:7.2p2-6 |
| openbsd | openssh | >= 0 < 1:7.2p2-6 | 1:7.2p2-6 |
| openbsd | openssh | >= 0 < 1:7.2p2-6 | 1:7.2p2-6 |
| openbsd | openssh | >= 0 < 1:7.2p2-6 | 1:7.2p2-6 |
| openbsd | openssh | >= 0 < 1:6.6p1-2ubuntu2.8 | 1:6.6p1-2ubuntu2.8 |
| openbsd | openssh | >= 0 < 1:7.2p2-4ubuntu2.1 | 1:7.2p2-4ubuntu2.1 |
| paloalto | pan-os | — | — |
Detection & IOCs (extracted from sources)
yara
regex: '(?i)SSH-(.*)-OpenSSH_[^\r]+'
- Timing-based user enumeration: valid users (with SHA256/SHA512 hashed passwords) take significantly longer to respond than non-existing users (hashed with BLOWFISH) when a large password (~10KB–50KB) is sent. Monitor for repeated SSH authentication attempts using abnormally large passwords.
- The exploit sends a large password (default 50,000 bytes of 'B') over SSH to measure timing differences. Detect SSH authentication attempts with unusually large password payloads as an indicator of CVE-2016-6210 exploitation.
- The exploit uses a non-existent baseline username 'foobar-bleh-nonsense' + index to establish timing baseline. Repeated SSH login attempts with usernames matching this pattern indicate active enumeration.
- The exploit also uses 'invalidinvalidinvalid' as a probe username to retrieve the SSH banner. SSH auth attempts with this exact username may indicate reconnaissance.
- Invalid users were logged by OpenSSH while valid users were not during timing-based enumeration. Absence of failed-login log entries for tested usernames combined with slower response times can indicate valid user discovery.
- If SSHD configuration prohibits root login, root is not considered a valid user in this timing attack context. Adjust enumeration detection logic accordingly.
- When TCP timestamp option is enabled, use TCP packet timestamps from the server to measure timing differences, as this eliminates network delay noise — defenders should monitor for clients correlating TCP timestamps with SSH auth responses.
- The vulnerability only manifests when real user passwords are hashed with SHA256 or SHA512. Systems using BLOWFISH for all users are not affected by the timing differential.
- Root is not enumerable via this technique if PermitRootLogin is disabled in sshd_config, as root is then treated as an invalid user.
- The Metasploit module also supports a malformed SSH_MSG_USERAUTH_REQUEST packet method (public key auth must be enabled) in addition to the timing attack method.
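A log-triage sketch for the username indicators listed above, added here as an example and not taken from any of the quoted sources. It assumes the standard sshd `Invalid user ... from ...` and `Failed password for [invalid user] ... from ...` syslog messages; the sample lines, addresses, host name and burst threshold are constructed.

```python
import re
from collections import defaultdict

# Usernames the page attributes to the public PoC: timing-baseline accounts
# ('foobar-bleh-nonsense' + index) and the banner-probe account.
BASELINE_RE = re.compile(r"^foobar-bleh-nonsense\d*$")
PROBE_USER = "invalidinvalidinvalid"

# Standard sshd syslog messages written for failed password authentication.
INVALID_RE = re.compile(r"sshd\[\d+\]: Invalid user (?P<user>\S+) from (?P<ip>\S+)")
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<inv>invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+)"
)

# Assumption: more distinct unknown usernames than this from one source
# counts as an enumeration burst. Tune per environment.
DISTINCT_INVALID_THRESHOLD = 3

# Constructed sample input (documentation-range addresses, made-up host).
SAMPLE_LOG = """\
Jul 20 10:00:01 host sshd[1201]: Invalid user invalidinvalidinvalid from 203.0.113.7 port 40112
Jul 20 10:00:02 host sshd[1202]: Invalid user foobar-bleh-nonsense0 from 203.0.113.7 port 40113
Jul 20 10:00:02 host sshd[1202]: Failed password for invalid user foobar-bleh-nonsense0 from 203.0.113.7 port 40113 ssh2
Jul 20 10:00:03 host sshd[1203]: Invalid user foobar-bleh-nonsense1 from 203.0.113.7 port 40114
Jul 20 10:00:05 host sshd[1204]: Invalid user admin from 198.51.100.9 port 51000
Jul 20 10:00:06 host sshd[1205]: Invalid user oracle from 198.51.100.9 port 51001
Jul 20 10:00:07 host sshd[1206]: Invalid user test from 198.51.100.9 port 51002
Jul 20 10:00:08 host sshd[1207]: Invalid user guest from 198.51.100.9 port 51003
Jul 20 10:01:00 host sshd[1300]: Failed password for alice from 192.0.2.10 port 60000 ssh2
""".splitlines()


def triage(lines):
    """Return {source_ip: sorted reasons} for sources showing the indicators."""
    invalid_users = defaultdict(set)
    findings = defaultdict(set)
    for line in lines:
        m = INVALID_RE.search(line) or FAILED_RE.search(line)
        if not m:
            continue
        user, ip = m.group("user"), m.group("ip")
        if BASELINE_RE.match(user):
            findings[ip].add("poc-baseline-username")
        if user == PROBE_USER:
            findings[ip].add("poc-banner-probe-username")
        # 'Invalid user' lines and 'invalid user' failures both mean the
        # account does not exist (or is not allowed to log in).
        if m.re is INVALID_RE or m.group("inv"):
            invalid_users[ip].add(user)
    for ip, users in invalid_users.items():
        if len(users) > DISTINCT_INVALID_THRESHOLD:
            findings[ip].add("invalid-user-burst")
    return {ip: sorted(reasons) for ip, reasons in findings.items()}


if __name__ == "__main__":
    for ip, reasons in sorted(triage(SAMPLE_LOG).items()):
        print(ip, ", ".join(reasons))
```

Since the Metasploit testing note on this page reports that only invalid users were logged, a rule like this sees the probes for non-existent accounts, not the accounts that were confirmed.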
CVSS provenance
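| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v3.0 | 5.9 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
| osv | | 5.9 | MEDIUM | |
| vendor_debian | | 5.9 | MEDIUM | |
| vendor_msrc | | 5.9 | MEDIUM | |
| vendor_redhat | | 5.9 | MEDIUM | |
| vendor_ubuntu | | 5.9 | MEDIUM | |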
VulDB
OpenSSH 7.2p2 Authentication Password Username information disclosure (EDB-40113 / Nessus ID 92526)
vuldb·2026-05-30·CVSS 5.9
CVE-2016-6210 [MEDIUM] OpenSSH 7.2p2 Authentication Password Username information disclosure (EDB-40113 / Nessus ID 92526)
A vulnerability was found in OpenSSH 7.2p2. It has been rated as problematic. This issue affects some unknown processing of the component Authentication. The manipulation of the argument Password leads to information disclosure (Username).
This vulnerability is documented as CVE-2016-6210. The attack can be initiated remotely. Additionally, an exploit exists.
Upgrading the affected component is advised.
GHSA
GHSA-f525-65h3-3qjh: sshd in OpenSSH before 7
ghsa_unreviewed·2022-05-14
CVE-2016-6210 [MEDIUM] CWE-200 GHSA-f525-65h3-3qjh: sshd in OpenSSH before 7
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.
OSV
CVE-2016-6210: sshd in OpenSSH before 7
osv·2017-02-13·CVSS 5.9
CVE-2016-6210 [MEDIUM] CVE-2016-6210: sshd in OpenSSH before 7
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.
OSV
openssh vulnerabilities
osv·2016-08-15·CVSS 5.9
CVE-2016-6210 [MEDIUM] openssh vulnerabilities
Eddie Harari discovered that OpenSSH incorrectly handled password hashing
when authenticating non-existing users. A remote attacker could perform a
timing attack and enumerate valid users. (CVE-2016-6210)
Tomas Kuthan, Andres Rojas, and Javier Nieto discovered that OpenSSH did
not limit password lengths. A remote attacker could use this issue to cause
OpenSSH to consume resources, leading to a denial of service.
(CVE-2016-6515)
CISA ICS
Siemens SCALANCE X-200RNA Switch Devices
cisa_ics·2022-12-19
ICS Advisory
Last Revised: December 19, 2022
Alert Code: ICSA-22-349-21
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
- Vendor: Siemens
- Equipment: SCALANCE X-200RNA switch devices before V3.2.7
- Vulnerabilities: Observable Timing Discrepancy; Race Condition; Improper Restriction of Operations within the Bounds of a Memory Buffer; Improper Input Validation; NULL Pointer Dereference; Use After Free; Cryptographic Issues; Comparison of Incompatible Types; Resource Management
Microsoft
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enum
vendor_msrc·2017-02-21·CVSS 5.9
CVE-2016-6210 [MEDIUM] CWE-200 sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enum
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See thi
Palo Alto
OpenSSH Vulnerability
vendor_paloalto·2016-11-17·CVSS 5.9
CVE-2016-6210 [MEDIUM] CWE-200 OpenSSH Vulnerability
Palo Alto Networks makes use of the OpenSSH tool. CVE-2016-6210 was recently confirmed to be applicable to the version in use by PAN-OS. (Ref # 100977/CVE-2016-6210).
To exploit this vulnerability, an attacker would have to guess usernames defined as system administrators on the firewall.
This issue affects PAN-OS 5.0.X and earlier; PAN-OS 5.1.X and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.14 and earlier; PAN-OS 7.0.10 and earlier; PAN-OS 7.1.5 and earlier
Affected products: PAN-OS
Solution: PAN-OS 6.0.15 and later; PAN-OS 6.1.15 and later; PAN-OS 7.0.11 and later; PAN-OS 7.1.6 and later
Workaround: Palo Alto Networks recommends following best practices by not relying on hidden usernames and setting unique, long, and complex passwords for each of the firew
Ubuntu
OpenSSH vulnerabilities
vendor_ubuntu·2016-08-15·CVSS 5.9
CVE-2016-6210 [MEDIUM] OpenSSH vulnerabilities
Title: OpenSSH vulnerabilities
Summary: Several security issues were fixed in OpenSSH.
Eddie Harari discovered that OpenSSH incorrectly handled password hashing
when authenticating non-existing users. A remote attacker could perform a
timing attack and enumerate valid users. (CVE-2016-6210)
Tomas Kuthan, Andres Rojas, and Javier Nieto discovered that OpenSSH did
not limit password lengths. A remote attacker could use this issue to cause
OpenSSH to consume resources, leading to a denial of service.
(CVE-2016-6515)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
openssh: User enumeration via covert timing channel
vendor_redhat·2016-07-14·CVSS 5.9
CVE-2016-6210 [MEDIUM] CWE-385 openssh: User enumeration via covert timing channel
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.
A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses.
Statement: This issue in OpenSSH is mitigated by the usage of SELinux in Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.
Package: openssh (Red Hat Enterprise Linux 5) - Will not fix
Debian
CVE-2016-6210: openssh - sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password has...
vendor_debian·2016·CVSS 5.9
CVE-2016-6210 [MEDIUM] CVE-2016-6210: openssh - sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password has...
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.
Scope: local
bookworm: resolved (fixed in 1:7.2p2-6)
bullseye: resolved (fixed in 1:7.2p2-6)
forky: resolved (fixed in 1:7.2p2-6)
sid: resolved (fixed in 1:7.2p2-6)
trixie: resolved (fixed in 1:7.2p2-6)
No detection rules found.
Exploit-DB
OpenSSH 7.2p2 - Username Enumeration
exploitdb·2016-07-20·CVSS 5.9
CVE-2016-6210 [MEDIUM] OpenSSH 7.2p2 - Username Enumeration
---
```python
#!/usr/bin/python
#
# CVEs: CVE-2016-6210 (Credits for this go to Eddie Harari)
#
# Author: 0_o -- null_null
# nu11.nu11 [at] yahoo.com
# Oh, and it is n-u-one-one.n-u-one-one, no l's...
# Wonder how the guys at packet storm could get this wrong :(
#
# Date: 2016-07-19
#
# Purpose: User name enumeration against SSH daemons affected by CVE-2016-6210.
#
# Prerequisites: Network access to the SSH daemon.
#
# DISCLAIMER: Use against your own hosts only! Attacking stuff you are not
# permitted to may put you in big trouble!
#
# And now - the fun part :-)
#
import paramiko
import time
import numpy
import argparse
import sys

args = None


class bcolors:
    HEADER = '\033[95m'
    OKBLUE = '\033[94m'
    OKGREEN = '\033[92m'
    WARNING = '\033[93m'
    FAIL = '\033[91m'
```
Exploit-DB
OpenSSHd 7.2p2 - Username Enumeration
exploitdb·2016-07-18·CVSS 5.9
CVE-2016-6210 [MEDIUM] OpenSSHd 7.2p2 - Username Enumeration
---
Source: http://seclists.org/fulldisclosure/2016/Jul/51
User Enumeration using Open SSHD (<=Latest version).
Abstract:
By sending large passwords, a remote user can enumerate users on a system that runs SSHD. This problem exists in most
modern configurations due to the fact that it takes much longer to calculate a SHA256/SHA512 hash than a BLOWFISH hash.
CVE-ID
CVE-2016-6210
Tested versions
This issue was tested on: opensshd-7.2p2 (should be possible on most earlier versions as well).
Fix
This issue was reported to the OPENSSH developer group and they have sent a patch (don't know if the patch was released yet).
(thanks to 'dtucker () zip com au' for his quick reply and fix suggestion).
Details
When SSHD tries to authenticate a non-existing user, it wil
Metasploit
SSH Username Enumeration
metasploit
This module uses a malformed packet or timing attack to enumerate users on an OpenSSH server. The default action sends a malformed (corrupted) SSH_MSG_USERAUTH_REQUEST packet using public key authentication (must be enabled) to enumerate users. On some versions of OpenSSH under some configurations, OpenSSH will return a "permission denied" error for an invalid user faster than for a valid user, creating an opportunity for a timing attack to enumerate users. Testing note: invalid users were logged, while valid users were not. YMMV.
Nuclei
OpenSSH Service - Detect
nuclei·CVSS 5.9
CVE-2016-6210 [MEDIUM] OpenSSH Service - Detect
OpenSSH service was detected.
Template:
```yaml
id: openssh-detect

info:
  name: OpenSSH Service - Detect
  author: r3dg33k,daffainfo,iamthefrogy
  severity: info
  description: |
    OpenSSH service was detected.
  reference:
    - http://www.openwall.com/lists/oss-security/2016/08/01/2
    - http://www.openwall.com/lists/oss-security/2018/08/15/5
    - http://seclists.org/fulldisclosure/2016/Jul/51
    - https://nvd.nist.gov/vuln/detail/CVE-2016-6210
    - https://nvd.nist.gov/vuln/detail/CVE-2018-15473
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    cwe-id: CWE-200
  metadata:
    max-request: 1
  tags: seclists,network,ssh,openssh,detect,detection,tcp,discovery

tcp:
  - host:
      - "{{Hostname}}"
    port: 22

    matchers:
      - type: regex
        regex:
          - '(?i)OpenSSH'

    extractors:
      - type: regex
        regex
```
Nuclei
MikroTik RouterOS SSH - Detect
nuclei·CVSS 5.9
CVE-2016-6210 [MEDIUM] MikroTik RouterOS SSH - Detect
MikroTik RouterOS SSH was detected.
Template:
```yaml
id: mikrotik-ssh-detect

info:
  name: MikroTik RouterOS SSH - Detect
  author: staticnoise
  severity: info
  description: |
    MikroTik RouterOS SSH was detected.
  reference:
    - http://www.openwall.com/lists/oss-security/2016/08/01/2
    - http://www.openwall.com/lists/oss-security/2018/08/15/5
    - http://seclists.org/fulldisclosure/2016/Jul/51
    - https://nvd.nist.gov/vuln/detail/CVE-2016-6210
    - https://nvd.nist.gov/vuln/detail/CVE-2018-15473
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    cwe-id: CWE-200
  metadata:
    max-request: 1
    shodan-query: SSH-2.0-ROSSSH
    verified: true
  tags: network,ssh,mikrotik,detect,detection,tcp,discovery

tcp:
  - host:
      - "{{Hostname}}"
    port: 22

    matchers:
      - type: regex
        regex:
          -
```
HackerOne
Password authentication at newsletter.nextcloud.com discloses username list
hackerone·2020-03-01·CVSS 5.9
[MEDIUM] Password authentication at newsletter.nextcloud.com discloses username list
**summary:**
A vulnerability classified as problematic has been found in OpenSSH 7.2p2. Affected is an unknown function of the component Authentication. The manipulation of the argument Password with an unknown input leads to an information disclosure vulnerability (Username). CWE is classifying the issue as CWE-200. This is going to have an impact on confidentiality.
The weakness was disclosed 07/14/2016 by Eddie Harari as opensshd - user enumeration as confirmed mailinglist post (Full-Disclosure). The advisory is available at seclists.org. The vendor was not involved in the coordination of the public release. This vulnerability is traded as CVE-2016-6210 since 07/13/2016. It is possible to launch
Bugzilla
CVE-2016-6210 openssh: User enumeration via covert timing channel
bugzilla·2016-07-18·CVSS 6.5
CVE-2016-6210 [MEDIUM] CVE-2016-6210 openssh: User enumeration via covert timing channel
When SSHD tries to authenticate a non-existing user, it will pick up a fake password structure hardcoded in the SSHD source code. On this hard-coded password structure the password hash is based on the BLOWFISH ($2) algorithm. If real users' passwords are hashed using SHA256/SHA512, then sending large passwords (10KB) will result in a shorter response time from the server for non-existing users. This allows a remote attacker to enumerate existing users on a system logging via SSHD.
Published in:
http://seclists.org/fulldisclosure/2016/Jul/51
Discussion:
Created openssh tracking bugs for this issue:
Affects: fedora-all [bug 1357443]
---
OpenSSH in RHEL 6, 7 uses a helper binary "unix_chkpwd" (via the pam_unix module) to verify t
Bugzilla
CVE-2016-6210 openssh: User enumeration via covert timing channel [fedora-all]
bugzilla·2016-07-18·CVSS 5.9
CVE-2016-6210 [MEDIUM] CVE-2016-6210 openssh: User enumeration via covert timing channel [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of
arXiv
Cybersecurity in Robotics: Challenges, Quantitative Modeling, and Practice
arxiv_fulltext·2021-09-10
## Abstract
Robotics is becoming more and more ubiquitous, but the pressure to bring systems to market occasionally goes at the cost of neglecting security mechanisms during the development, deployment or while in production. As a result, contemporary robotic systems are vulnerable to diverse attack patterns, and an a posteriori hardening is at least challenging, if not impossible at all. This book aims to stipulate the inclusion of security in robotics from the earliest design phases onward and with a special focus on the cost-benefit tradeoff that can otherwise be an inhibitor for the fast development of affordable systems. We advocate quantitative methods of security management and design, covering vulnerability scoring systems tailored to robotic systems, and accounting for the highly