Entreprise d'experts en Sécurité Informatique : Audits et conseils en cybersécurité
Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2016-6210

Description

sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.

POC

Reference

- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

- https://www.exploit-db.com/exploits/40113/

- https://www.exploit-db.com/exploits/40136/

Github

- https://github.com/20142995/nuclei-templates

- https://github.com/ARPSyndicate/cve-scores

- https://github.com/ARPSyndicate/cvemon

- https://github.com/ARPSyndicate/kenzer-templates

- https://github.com/KiPhuong/cve-2016-6210

- https://github.com/Live-Hack-CVE/CVE-2016-6210

- https://github.com/Maribel0370/Nebula-io

- https://github.com/NeoOniX/5ATTACK

- https://github.com/X3FV/sshade

- https://github.com/X3FV/sshpi

- https://github.com/bigb0x/CVE-2024-6387

- https://github.com/bigb0x/OpenSSH-Scanner

- https://github.com/bioly230/THM_Skynet

- https://github.com/blurryface18/Network-vulnerability-scanner

- https://github.com/cocomelonc/vulnexipy

- https://github.com/coolbabayaga/CVE-2016-6210

- https://github.com/edsonjt81/https-github.com-gotr00t0day-OpenSSH-Scanner

- https://github.com/eric-conrad/enumer8

- https://github.com/goomdan/CVE-2016-6210-exploit

- https://github.com/hackingyseguridad/ssha

- https://github.com/justlce/CVE-2016-6210-Exploit

- https://github.com/krlabs/openssh-vulnerabilities

- https://github.com/lekctut/sdb-hw-13-01

- https://github.com/lnick2023/nicenice

- https://github.com/nicoleman0/CVE-2016-6210-OpenSSHd-7.2p2

- https://github.com/pedr0alencar/vlab-metasploitable2

- https://github.com/phx/cvescan

- https://github.com/qazbnm456/awesome-cve-poc

- https://github.com/ryanalieh/openSSH-scanner

- https://github.com/samh4cks/CVE-2016-6210-OpenSSH-User-Enumeration

- https://github.com/sash3939/IS_Vulnerabilities_attacks

- https://github.com/scmanjarrez/CVEScannerV2

- https://github.com/scmanjarrez/test

- https://github.com/sh4rknado/SSH-ULTIMATE

- https://github.com/vshaliii/Basic-Pentesting-2-Vulnhub-Walkthrough

- https://github.com/xbl3/awesome-cve-poc_qazbnm456