AbsoluteTelnet SSH2 Client Memory Logon Credential Leak

2003-01-28T00:00:00
ID OSVDB:7686
Type osvdb
Reporter Knud Erik Højgaard (knud@skodliv.dk)
Modified 2003-01-28T00:00:00

Description

Vulnerability Description

AbsoluteTelnet SSH2 Client contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to plaintext passwords stored in memory when a search of memory is performed, which may lead to a loss of confidentiality.

Technical Description

AbsoluteTelnet does not properly erase memory, allowing an attacker with access to memory or a memory dump to retrieve authentication information.

When connected via SSH2, an attacker can search memory or a memory dump for logon credentials. Passwords can be found by searching for the first occurrence of the string "Password" that lies in a segment of read/write memory. The logon and password are stored in plaintext on the respective sides of this keyword.
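The coding practice whose absence is described above, as an added example (not from the advisory and not the vendor's fix): credentials are kept in one fixed buffer and overwritten as soon as authentication is done, using volatile stores so the compiler cannot discard the wipe. The structure, function names and sample values are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define CRED_MAX 64
static const char SAMPLE_PW[] = "S3cr3t-demo"; /* constructed sample value */

/* Hypothetical holder: one fixed buffer per secret, no stray heap copies. */
struct credentials { char login[CRED_MAX]; char password[CRED_MAX]; };

/* Wipe through a volatile pointer: a plain memset() on a buffer that is never
 * read again may be removed as a dead store. SecureZeroMemory() is the
 * Windows API with the same guarantee. */
static void secure_wipe(void *buf, size_t len) {
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--) *p++ = 0;
}

/* Returns 1 if the NUL-terminated needle occurs anywhere in buf, else 0. */
static int buffer_contains(const void *buf, size_t len, const char *needle) {
    size_t nlen = strlen(needle);
    const unsigned char *b = buf;
    for (size_t i = 0; nlen && i + nlen <= len; i++)
        if (memcmp(b + i, needle, nlen) == 0) return 1;
    return 0;
}

/* Fill the structure, "use" it, optionally wipe it, then report whether the
 * plaintext password can still be found in that memory (1 = still there). */
int login_and_check_residue(int wipe) {
    struct credentials c;
    memset(&c, 0, sizeof c);
    snprintf(c.login, sizeof c.login, "%s", "alice");      /* constructed */
    snprintf(c.password, sizeof c.password, "%s", SAMPLE_PW);
    /* ... the SSH2 password authentication exchange would use c here ... */
    if (wipe) secure_wipe(&c, sizeof c);
    return buffer_contains(&c, sizeof c, SAMPLE_PW);
}

int main(void) {
    printf("residue without wipe: %d\n", login_and_check_residue(0));
    printf("residue with wipe:    %d\n", login_and_check_residue(1));
    return 0;
}
```

The wipe only covers the buffer it is given; any other copy of the password (a dialog control's text, a reallocated string) needs the same treatment.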

Solution Description

Upgrade to version 2.12 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

AbsoluteTelnet SSH2 Client contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to plaintext passwords stored in memory when a search of memory is performed, which may lead to a loss of confidentiality.

References:

Vendor URL: http://www.celestialsoftware.net/
Related OSVDB ID: 7685
Related OSVDB ID: 7687
Related OSVDB ID: 7688
Other Advisory URL: http://www.idefense.com/application/poi/display?id=24&type=vulnerabilities
Generic Exploit URL: http://www.securiteam.com/windowsntfocus/5MP0C0095M.html
CVE-2003-0046
Bugtraq ID: 6725