3 matches found
Mobatek MobaXterm < 22.3 (CVE-2022-38337)
The version of Mobatek MobaXterm installed on the remote host is prior to 22.3. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-38337 advisory. - When aborting a SFTP connection, MobaXterm before v22.1 sends a hardcoded password to the server. The server treats this as...
CVE-2022-38337
When aborting a SFTP connection, MobaXterm before v22.1 sends a hardcoded password to the server. The server treats this as an invalid login attempt which can result in a Denial of Service DoS for the user if services like fail2ban are used...
CVE-2022-38337
CVE-2022-38337 affects Mobatek MobaXterm prior to v22.1, where aborting a SFTP connection sends a hardcoded password to the server, which the server may treat as an invalid login and trigger a user DoS (e.g., via fail2ban). Root cause is hardcoded credentials during SFTP abort. Impact is Denial o...