Vulnerability 29793 - CERT Civis.Net

Vulnerability Name:

CCN-29793

Published:

2006-10-25

Updated:

2006-10-25

Summary:

PuTTY could allow a local attacker to obtain sensitive information. The login and password proxy authentication is stored in plaintext in the Windows registry. An attacker could exploit this vulnerability to obtain user passwords.

CVSS v3 Severity:

4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
1.7 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:U/RC:UR)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Consequences:

Obtain Information

References:

Source: CCN
Type: Full-Disclosure Mailing List, Wed Oct 25 2006 - 05:44:43 CDT
Putty Proxy login/password discolsure....

Source: CCN
Type: PuTTY Download Web page
PuTTY Download Page

Source: XF
Type: UNKNOWN
putty-proxy-plaintext-password(29793)

Vulnerable Configuration:

Configuration CCN 1:

cpe:/a:putty:putty:0.48:*:*:*:*:*:*:*

Denotes that component is vulnerable

BACK