The 13th if July a new wild CVE appeared (Yes, Pokemon Go is still a buzz for the moment).
The CVE 2016-6210 allow a user enumeration on an SSH server by comparing request time between non existing user and allowed ones. This vulnerability target OpenSSHD with a version of 7.2p2 or inferior.
That means with a good dictionary you may know which user are present on the server with an SSH access.
This post just demonstrate how to exploit this vulnerability with a simple example.