CVE-2016-6210 (retired)

Priority
Description
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user
password hashing, uses BLOWFISH hashing on a static password when the
username does not exist, which allows remote attackers to enumerate users
by leveraging the timing difference between responses when a large password
is provided.
Assigned-to
mdeslaur
More Information

Updated: 2019-03-26 12:22:20 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)