H1-476439 — Vulnetix

H1-476439 PUBLISHED

Password authentication at newsletter.nextcloud.com discloses username list

Exploit Intelligence

PoC of cve-2016-6210 (github-poc)
nicoleman0/CVE-2016-6210-OpenSSHd-7.2p2 (github-poc)
User name enumeration against SSH daemons affected by CVE-2016-6210. (github-poc)
samh4cks/CVE-2016-6210-OpenSSH-User-Enumeration (github-poc)
Custom exploit written for enumerating usernames as per CVE-2016-6210 (github-poc)
OpenSSH Username Enumeration - CVE-2016-6210 (github-poc)
Password authentication at newsletter.nextcloud.com discloses username list (hackerone)
Password authentication at newsletter.nextcloud.com discloses username list (hackerone)

Timeline

Mar 1, 2020 CVE Published
Mar 1, 2020 PoC Published

References

Password authentication at newsletter.nextcloud.com discloses username list advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›