Openssh use enumeration

C0r3dump3d coredump at
Tue Jul 19 23:10:48 AEST 2016

Hi, sorry I don't know if I send this to the correct channel.

I have notice that OpenSSH has recognized the presence of the user
enumeration as a vulnerability, (CVE-2016-6210).

I want to make an appreciation, this is a old vulnerability
already announced three years ago.

I would like to point out that there is another vulnerability present in
the bug, it's possible in certain circumstances to provoke a DOS
condition in the access to the ssh server, I made a brief study of this
possibility here:

and included this attack in my tool that exploit this vulnerability:

It's necessary to request another CVE-ID for the DOS attack?

At least, I think it should be clarified in the announce of the


More information about the openssh-unix-dev mailing list