Home |
Licence |
FAQ |
Docs |
Download |
Keys |
Links
Mirrors |
Updates |
Feedback |
Changes |
Wishlist |
Team
As reported in iDEFENSE Security Advisory 01.28.03, PuTTY 0.53b fails to scrub the password from a memory buffer after authentication, making it trivially easy for an attacker with access to a memory dump to recover the password. (This only applies when using SSH-2.)
This is fixed in the nightly development snapshots as of 2003-01-10, and will be fixed in the next stable release.
This vulnerability corresponds to CVE CAN-2003-0048 .
Audit trail for this vulnerability.