PuTTY SSH authentication password information disclosure vulnerability-vulnerability warning-the black bar safety net

ID MYHACK58:62201132600
Type myhack58
Reporter 佚名
Modified 2011-12-15T00:00:00


Affected version:

Simon Tatham PuTTY 0.61 Simon Tatham PuTTY 0.60 Simon Tatham PuTTY 0.59

Vulnerability description:

BUGTRAQ ID: 51021PuTTY Windows and Unix platforms PuTTYTelnet and SSH implementation, with an xterm terminal emulator. PuTTY 0. 5 9 to 0. 6 1 version does not delete the authentication process the user input of content stored in memory of the user's password, the successful use of can allow an attacker to obtain sensitive information.

<reference to the http://www. fire. greenend. org. uk/~sgtatham/putty/wishlist/password-not-wiped.html>

HONKWIN Safety recommendations:

Vendor patch: Simon Tatham------------the current vendors have released an upgrade patch to fix this security issue, please go to the manufacturers home page download