people.canonical.com
Open in
urlscan Pro
91.189.89.62
Public Scan
URL:
https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6210
Submission: On March 17 via api from IL — Scanned from GB
Submission: On March 17 via api from IL — Scanned from GB
Form analysis
0 forms found in the DOMText Content
Ubuntu CVE Tracker * Home * Main * Universe * Partner CVE-2016-6210 Priority Low Description sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided. References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6210 http://seclists.org/fulldisclosure/2016/Jul/51 https://ubuntu.com/security/notices/USN-3061-1 Assigned-to mdeslaur Notes Package Source: openssh (LP Ubuntu Debian) Upstream:released (1:7.2p2-6) Ubuntu 16.04 ESM (Xenial Xerus):released (1:7.2p2-4ubuntu2.1) Ubuntu 14.04 ESM (Trusty Tahr):released (1:6.6p1-2ubuntu2.8) Ubuntu 20.04 FIPS Compliant (Focal Fossa):not-affected (1:7.3p1-1) Patches: Upstream:https://anongit.mindrot.org/openssh.git/commit/?id=9286875a73b2de7736b5e50692739d314cd8d9dc Upstream:https://anongit.mindrot.org/openssh.git/commit/?id=283b97ff33ea2c641161950849931bd578de6946 Upstream:https://anongit.mindrot.org/openssh.git/commit/?id=dbf788b4d9d9490a5fff08a7b09888272bb10fcc More Information * Mitre * NVD * Launchpad * Debian Updated: 2022-02-11 01:29:21 UTC (commit acb3d89ab51f1d5e5543fa993969c0eb13c71f04) © Canonical Ltd. 2007-2022