SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionWhen SSHD tries to authenticate a non-existing user, it will pick up a fake password structure hard-coded in the SSHD source code. An attacker can measure timing information to determine if a user exists when verifying a password. (CVE-2016-6210)
SolutionUpgrade to one of the non-vulnerable versions listed in the F5 Solution K14845276.