{"title":"openssh\u3067\u30e6\u30fc\u30b6\u306e\u5b58\u5728\u3092\u78ba\u8a8d\u3067\u304d\u308b\u8106\u5f31\u6027(CVE-2016-6210)","blog_url":"https://boscono.hatenablog.com/","categories":[],"author_name":"boscono","html":"<iframe src=\"https://hatenablog-parts.com/embed?url=https%3A%2F%2Fboscono.hatenablog.com%2Fentry%2F2016%2F07%2F18%2F134138\" title=\"openssh\u3067\u30e6\u30fc\u30b6\u306e\u5b58\u5728\u3092\u78ba\u8a8d\u3067\u304d\u308b\u8106\u5f31\u6027(CVE-2016-6210) - \u3066\u304d\u3068\u3046\u306a\u30e1\u30e2\" class=\"embed-card embed-blogcard\" scrolling=\"no\" frameborder=\"0\" style=\"display: block; width: 100%; height: 190px; max-width: 500px; margin: 10px 0px;\"></iframe>","description":"Full Disclosure: opensshd - user enumeration When SSHD tries to authenticate a non-existing user, it will pick up a fake password structure hardcoded in the SSHD source code. On this hard coded password structure the password hash is based on BLOWFISH ($2) algorithm. If real users passwords are hash\u2026","published":"2016-07-18 13:41:38","provider_name":"Hatena Blog","url":"https://boscono.hatenablog.com/entry/2016/07/18/134138","blog_title":"\u3066\u304d\u3068\u3046\u306a\u30e1\u30e2","type":"rich","author_url":"https://blog.hatena.ne.jp/boscono/","version":"1.0","width":"100%","provider_url":"https://hatena.blog","image_url":null,"height":"190"}