PuTTY SSH keyboard Interactive Authentication Password Information Disclosure Weakness
BID:51021
Info
PuTTY SSH keyboard Interactive Authentication Password Information Disclosure Weakness
| Bugtraq ID: | 51021 |
| Class: | Design Error |
| CVE: |
CVE-2011-4607 |
| Remote: | No |
| Local: | Yes |
| Published: | Dec 12 2011 12:00AM |
| Updated: | Aug 28 2013 04:09PM |
| Credit: | Reported by the vendor |
| Vulnerable: |
Simon Tatham PuTTY 0.61 Simon Tatham PuTTY 0.60 Simon Tatham PuTTY 0.59 |
| Not Vulnerable: | |
Discussion
PuTTY SSH keyboard Interactive Authentication Password Information Disclosure Weakness
PuTTY is prone to an information-disclosure weakness.
Successful exploits will allow attackers with access to process memory to obtain potentially sensitive information which may aid in further attacks.
PuTTY versions 0.59 through 0.61 are vulnerable.
PuTTY is prone to an information-disclosure weakness.
Successful exploits will allow attackers with access to process memory to obtain potentially sensitive information which may aid in further attacks.
PuTTY versions 0.59 through 0.61 are vulnerable.
Exploit / POC
PuTTY SSH keyboard Interactive Authentication Password Information Disclosure Weakness
Currently, we are not aware of any exploits. If you feel we are in error or if you are aware of any more recent information, please mail us at: [email protected].
Currently, we are not aware of any exploits. If you feel we are in error or if you are aware of any more recent information, please mail us at: [email protected].
Solution / Fix
PuTTY SSH keyboard Interactive Authentication Password Information Disclosure Weakness
Solution:
Updates are available for this issue. Please see the references for details.
Solution:
Updates are available for this issue. Please see the references for details.
References
PuTTY SSH keyboard Interactive Authentication Password Information Disclosure Weakness
References:
References:
- PuTTY Homepage (PuTTY Project)
- PuTTY vulnerability password-not-wiped (PuTTY Project)