Openbsd : Security Vulnerabilities, CVEs, Published In 2017 (Information Leak) CVSS score >= 4
CVE-2016-6210
Public exploit
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.
Max CVSS
5.9
EPSS Score
10.74%
Published
2017-02-13
Updated
2022-12-13
1 vulnerabilities found