Openssh · Openssh · CVE-2016-6515
**Name of the Vulnerable Software and Affected Versions**
OpenSSH versions prior to 7.3
**Description**
The issue is related to the `auth password` function in `auth-passwd.c` in sshd, which does not limit password lengths for password authentication. This allows remote attackers to cause a denial of service (consumption of CPU resources) via a long string.
**Recommendations**
For OpenSSH versions prior to 7.3, consider updating to version 7.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of long password strings to minimize the risk of exploitation.