boscono https://blog.hatena.ne.jp/boscono/ てきとうなメモ https://boscono.hatenablog.com/ Full Disclosure: opensshd - user enumeration When SSHD tries to authenticate a non-existing user, it will pick up a fake password structure hardcoded in the SSHD source code. On this hard coded password structure the password hash is based on BLOWFISH ($2) algorithm. If real users passwords are hash… 190 <iframe src="https://hatenablog-parts.com/embed?url=https%3A%2F%2Fboscono.hatenablog.com%2Fentry%2F2016%2F07%2F18%2F134138" title="opensshでユーザの存在を確認できる脆弱性(CVE-2016-6210) - てきとうなメモ" class="embed-card embed-blogcard" scrolling="no" frameborder="0" style="display: block; width: 100%; height: 190px; max-width: 500px; margin: 10px 0px;"></iframe> Hatena Blog https://hatena.blog 2016-07-18 13:41:38 rich https://boscono.hatenablog.com/entry/2016/07/18/134138 1.0 100%