search for: behindthefirewalls

...ists.org/fulldisclosure/2016/Jul/51 (CVE-2016-6210). I want to make an appreciation, this is a old vulnerability already announced three years ago. https://blog.curesec.com/article/blog/OpenSSH-User-Enumeration-Time-Based-Attack-20.html http://seclists.org/fulldisclosure/2013/Jul/88 http://www.behindthefirewalls.com/2014/07/openssh-user-enumeration-time-based.html I would like to point out that there is another vulnerability present in the bug, it's possible in certain circumstances to provoke a DOS condition in the access to the ssh server, I made a brief study of this possibility here: https://www....