Vulnerability Name: | CVE-2003-0047 (CCN-11197)
Assigned: | 2003-01-28
Published: | 2003-01-28
Updated: | 2016-10-18
Summary: | SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX 2.1.2 and 2.0.4, and (3) Entunnel 1.0.2 and earlier, do not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials.
CVSS v3 Severity: | 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: | 4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Vulnerability Type: | CWE-Other
Vulnerability Consequences: | Obtain Information
References: |
Source: MITRE Type: CNA CVE-2003-0046
Source: MITRE Type: CNA CVE-2003-0047
Source: MITRE Type: CNA CVE-2003-0048
Source: BUGTRAQ Type: UNKNOWN 20030129 iDEFENSE Security Advisory 01.28.03: SSH2 Clients Insecurely Store Passwords
Source: CCN Type: SECTRACK ID: 1006010 VanDyke SecureCRT SSH2 Client Software Access Control Bug May Disclose Passwords to Local Users Via Memory
Source: CCN Type: SECTRACK ID: 1006011 VanDyke SecureFX SSH2 Client Software Access Control Bug May Disclose Passwords to Local Users Via Memory
Source: CCN Type: SECTRACK ID: 1006012 VanDyke Entunnel SSH2 Client Software Access Control Bug May Disclose Passwords to Local Users Via Memory
Source: CCN Type: SECTRACK ID: 1006013 AbsoluteTelnet SSH2 Client Software Access Control Bug May Disclose Passwords to Local Users Via Memory
Source: CCN Type: SECTRACK ID: 1006014 PuTTY SSH2 Client Software Access Control Bug May Disclose Passwords to Local Users Via Memory
Source: CCN Type: Celestial Software Web site Celestial Software (maker of the AbsoluteTelnet SSH terminal client)
Source: CCN Type: PuTTY Web site PuTTY: a free Win32 telnet/ssh client
Source: MISC Type: Patch, Vendor Advisory http://www.idefense.com/advisory/01.28.03.txt
Source: CCN Type: OSVDB ID: 7685 Van Dyke SSH2 Client Memory Logon Credential Leak
Source: CCN Type: OSVDB ID: 7686 AbsoluteTelnet SSH2 Client Memory Logon Credential Leak
Source: CCN Type: OSVDB ID: 7687 PuTTY SSH2 Client Memory Logon Credential Leak
Source: CCN Type: OSVDB ID: 7688 WinSCP Client Memory Logon Credential Leak
Source: CCN Type: BID-6724 Putty SSH2 Authentication Password Persistence Weakness
Source: CCN Type: BID-6725 Celestial Software AbsoluteTelnet SSH2 Authentication Password Persistence Weakness
Source: BID Type: UNKNOWN 6726
Source: CCN Type: BID-6726 Van Dyke SecureCRT SSH2 Authentication Password Persistence Weakness
Source: BID Type: UNKNOWN 6727
Source: CCN Type: BID-6727 Van Dyke Software SecureFX SSH2 Authentication Password Persistence Weakness
Source: BID Type: UNKNOWN 6728
Source: CCN Type: BID-6728 Van Dyke Software Entunnel SSH2 Authentication Password Persistence Weakness
Source: CCN Type: BID-6732 WinSCP SSH2 Authentication Password Persistence Weakness
Source: SECTRACK Type: UNKNOWN 1006010
Source: SECTRACK Type: UNKNOWN 1006011
Source: SECTRACK Type: UNKNOWN 1006012
Source: CCN Type: VanDyke Software Web site VanDyke Software
Source: XF Type: UNKNOWN ssh-plaintext-passwords(11197)
Source: CCN Type: iDEFENSE Security Advisory 01.28.03 SSH2 Clients Insecurely Store Passwords
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable