
URL: https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6210
Submission: On March 17 via api from IL — Scanned from GB

Ubuntu CVE Tracker

CVE-2016-6210

Priority
Low

Description
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user
password hashing, uses BLOWFISH hashing on a static password when the
username does not exist, which allows remote attackers to enumerate users
by leveraging the timing difference between responses when a large password
is provided.

References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6210
http://seclists.org/fulldisclosure/2016/Jul/51
https://ubuntu.com/security/notices/USN-3061-1

Assigned-to
mdeslaur

Notes



Package
Source: openssh (LP Ubuntu Debian)

Upstream: released (1:7.2p2-6)
Ubuntu 16.04 ESM (Xenial Xerus): released (1:7.2p2-4ubuntu2.1)
Ubuntu 14.04 ESM (Trusty Tahr): released (1:6.6p1-2ubuntu2.8)
Ubuntu 20.04 FIPS Compliant (Focal Fossa): not-affected (1:7.3p1-1)

Patches:

Upstream: https://anongit.mindrot.org/openssh.git/commit/?id=9286875a73b2de7736b5e50692739d314cd8d9dc
Upstream: https://anongit.mindrot.org/openssh.git/commit/?id=283b97ff33ea2c641161950849931bd578de6946
Upstream: https://anongit.mindrot.org/openssh.git/commit/?id=dbf788b4d9d9490a5fff08a7b09888272bb10fcc

Updated: 2022-02-11 01:29:21 UTC (commit acb3d89ab51f1d5e5543fa993969c0eb13c71f04)

© Canonical Ltd. 2007-2022