Search Results (Refine Search)
- CPE Product Version: cpe:/a:openbsd:openssh:2.5.1:p2
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2016-6210 |
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided. Published: February 13, 2017; 12:59:00 PM -0500 |
V3.0: 5.9 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-6515 |
The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string. Published: August 07, 2016; 5:59:09 PM -0400 |
V3.0: 7.5 HIGH V2.0: 7.8 HIGH |
CVE-2015-8325 |
The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable. Published: April 30, 2016; 9:59:00 PM -0400 |
V3.0: 7.8 HIGH V2.0: 7.2 HIGH |