VDB
ALAS-2017-898
ALAS-2017-898
PUBLISHED
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Amazon | openssh |
Exploit Intelligence
- This project explores whether modern OpenSSH reveals valid usernames through subtle response or timing differences. CVE-2016-6210 user enumeration investigation ( Welch's t-test, Cohen's d, and detection engineering ) on a controlled lab on Ubuntu 22.04.5 LTS, it also examines the traces such attempts leave behind and how they can be detected.. (github-poc)
- This project explores whether modern OpenSSH reveals valid usernames through subtle response or timing differences. CVE-2016-6210 user enumeration investigation ( Welch's t-test, Cohen's d, and detection engineering ) on a controlled lab on Ubuntu 22.04.5 LTS, it also examines the traces such attempts leave behind and how they can be detected.. (github-poc-repo)
- OpenSSH remote DOS exploit and vulnerable container (github-poc-repo)
- OpenSSH Username Enumeration - CVE-2016-6210 (github-poc-repo)
- cve-2016-6515 (github-poc-repo)
- A proof of concept for CVE-2016-6515 (github-poc-repo)
- samh4cks/CVE-2016-6210-OpenSSH-User-Enumeration (github-poc-repo)
- Custom exploit written for enumerating usernames as per CVE-2016-6210 (github-poc-repo)
- User name enumeration against SSH daemons affected by CVE-2016-6210. (github-poc-repo)
- nicoleman0/CVE-2016-6210-OpenSSHd-7.2p2 (github-poc-repo)
…and 10 more exploits
Timeline
- Oct 3, 2017 CVE Published
References
- ALAS-2017-898: openssh (medium) advisory