Vulnerability 119120 - CERT Civis.Net

Vulnerability Name:

CCN-119120

Published:

2016-11-20

Updated:

2016-11-20

Summary:

Putty could allow a local authenticated attacker to obtain sensitive information, caused by the storing of passwords in cleartext. An attacker could exploit this vulnerability to obtain saved session password information from registry and use this information to launch further attacks against the affected system.

CVSS v3 Severity:

3.3 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
3.0 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:U/RC:R)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

1.7 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Consequences:

Obtain Information

References:

Source: CCN
Type: BugTraq Mailing List, Sun, 20 Nov 2016 05:46:20 GMT
Putty Cleartext Password Storage

Source: CCN
Type: Putty Web Site
Putty

Source: XF
Type: UNKNOWN
putty-password-info-disc(119120)

Source: CCN
Type: Packet Storm Security [11-20-2016]
Putty 0.67 Cleartext Password Storage

Vulnerable Configuration:

Configuration CCN 1:

cpe:/a:putty:putty:0.67:*:*:*:*:*:*:*

Denotes that component is vulnerable

BACK