[3.2] openssh: User enumeration via covert timing channel (CVE-2016-6210)
When SSHD tries to authenticate a non-existing user, it picks up a fake password structure hardcoded in the SSHD source code. The password hash in this hardcoded structure is based on the BLOWFISH ($2) algorithm.

If real users' passwords are hashed using SHA256/SHA512, then sending large passwords (10KB) will result in a shorter response time from the server for non-existing users than for existing ones.
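The mechanism above, as an added illustration that is not the page's or OpenSSH's code: a simplified Python model in which real accounts use a SHA-512-crypt-like scheme while unknown users fall back to a bcrypt-like fake entry, beside a version that applies the fix's principle of hashing unknown users with the same scheme. The stand-in hash functions, ROUNDS, the "alice" account and the function names are all constructed assumptions.

```python
import hashlib
import hmac
import os
import time
# Constructed model of the pre-fix sshd behaviour, not OpenSSH code. Real accounts hold
# a SHA-512-crypt-like hash ($6$); the fake entry for unknown users is bcrypt-like ($2$).
ROUNDS = 2000
FAKE_SALT = b"0123456789abcdef"  # stands in for the hardcoded fake passwd entry

def sha512_like(password: bytes, salt: bytes) -> bytes:
    # sha512-crypt feeds the whole password into every round, so cost grows
    # with password length; this is what a 10 KB password amplifies.
    digest = hashlib.sha512(salt + password).digest()
    for _ in range(ROUNDS):
        digest = hashlib.sha512(digest + password + salt).digest()
    return digest

def bcrypt_like(password: bytes, salt: bytes) -> bytes:
    # bcrypt uses only the first 72 bytes, so its cost is flat in password length.
    return sha512_like(password[:72], salt)

SCHEMES = {"$6$": sha512_like, "$2$": bcrypt_like}
USERS = {}  # constructed database: name -> (scheme, salt, stored digest)

def add_user(name: str, password: str, scheme: str = "$6$") -> None:
    salt = os.urandom(16)
    USERS[name] = (scheme, salt, SCHEMES[scheme](password.encode(), salt))

def _check(entry, password: str):
    scheme, salt, stored = entry
    got = SCHEMES[scheme](password.encode(), salt)
    return stored is not None and hmac.compare_digest(got, stored), scheme

def auth_vulnerable(user: str, password: str):
    """Unknown users fall back to a fake $2$ entry: a different scheme, so a long
    password is rejected measurably faster than for a real $6$ account."""
    return _check(USERS.get(user, ("$2$", FAKE_SALT, None)), password)

def auth_hardened(user: str, password: str):
    """Unknown users are hashed with the scheme real accounts use, so the work
    done no longer depends on whether the account exists."""
    return _check(USERS.get(user, ("$6$", FAKE_SALT, None)), password)

if __name__ == "__main__":
    add_user("alice", "correct horse")
    for fn in (auth_vulnerable, auth_hardened):
        for name in ("alice", "nosuchuser"):
            t0 = time.perf_counter()
            ok, scheme = fn(name, "A" * 10_000)
            print(f"{fn.__name__:16} {name:11} {scheme} ok={ok} {time.perf_counter() - t0:.3f}s")
```

Running the block prints the per-call timings; only the hardened variant shows comparable times for the real and the unknown user with the 10 KB password.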
References:
http://seclists.org/fulldisclosure/2016/Jul/51
Patches:
https://anongit.mindrot.org/openssh.git/commit/?id=9286875a73b2de7736b5e50692739d314cd8d9dc
https://anongit.mindrot.org/openssh.git/commit/?id=283b97ff33ea2c641161950849931bd578de6946
(from redmine: issue id 5928, created on 2016-07-20, closed on 2016-08-09)
- Relations:
  - parent #5924 (closed)
- Changesets:
  - Revision cf8a8f7b on 2016-08-05T11:45:22Z:
    main/openssh: security fix (CVE-2016-6210). Fixes #5928
    (cherry picked from commit 1a6c29da7c4a7e3d05009f4ea2b940878b57ac81)