| Vulnerability Name: | CVE-2003-0048 (CCN-11197) | ||||||||
| Assigned: | 2003-01-28 | ||||||||
| Published: | 2003-01-28 | ||||||||
| Updated: | 2016-10-18 | ||||||||
| Summary: | PuTTY 0.53b and earlier does not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials. | ||||||||
| CVSS v3 Severity: | 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: MITRE Type: CNA CVE-2003-0046 Source: MITRE Type: CNA CVE-2003-0047 Source: MITRE Type: CNA CVE-2003-0048 Source: BUGTRAQ Type: UNKNOWN 20030129 iDEFENSE Security Advisory 01.28.03: SSH2 Clients Insecurely Store Passwords Source: CCN Type: SECTRACK ID: 1006010 VanDyke SecureCRT SSH2 Client Software Access Control Bug May Disclose Passwords to Local Users Via Memory Source: CCN Type: SECTRACK ID: 1006011 VanDyke SecureFX SSH2 Client Software Access Control Bug May Disclose Passwords to Local Users Via Memory Source: CCN Type: SECTRACK ID: 1006012 VanDyke Entunnel SSH2 Client Software Access Control Bug May Disclose Passwords to Local Users Via Memory Source: CCN Type: SECTRACK ID: 1006013 AbsoluteTelnet SSH2 Client Software Access Control Bug May Disclose Passwords to Local Users Via Memory Source: CCN Type: SECTRACK ID: 1006014 PuTTY SSH2 Client Software Access Control Bug May Disclose Passwords to Local Users Via Memory Source: CCN Type: Celestial Software Web site Celestial Software (maker of the AbsoluteTelnet SSH terminal client) Source: CCN Type: PuTTY Web site PuTTY: a free Win32 telnet/ssh client Source: MISC Type: Patch, Vendor Advisory http://www.idefense.com/advisory/01.28.03.txt Source: CCN Type: OSVDB ID: 7685 Van Dyke SSH2 Client Memory Logon Credential Leak Source: CCN Type: OSVDB ID: 7686 AbsoluteTelnet SSH2 Client Memory Logon Credential Leak Source: CCN Type: OSVDB ID: 7687 PuTTY SSH2 Client Memory Logon Credential Leak Source: CCN Type: OSVDB ID: 7688 WinSCP Client Memory Logon Credential Leak Source: BID Type: UNKNOWN 6724 Source: CCN Type: BID-6724 Putty SSH2 Authentication Password Persistence Weakness Source: CCN Type: BID-6725 Celestial Software AbsoluteTelnet SSH2 Authentication Password Persistence Weakness Source: CCN Type: BID-6726 Van Dyke SecureCRT SSH2 Authentication Password Persistence Weakness Source: CCN Type: BID-6727 Van Dyke Software SecureFX SSH2 Authentication Password Persistence Weakness Source: CCN Type: BID-6728 Van Dyke Software Entunnel SSH2 Authentication Password Persistence Weakness Source: CCN Type: BID-6732 WinSCP SSH2 Authentication Password Persistence Weakness Source: SECTRACK Type: UNKNOWN 1006014 Source: CCN Type: VanDyke Software Web site VanDyke Software Source: XF Type: UNKNOWN ssh-plaintext-passwords(11197) Source: CCN Type: iDEFENSE Security Advisory 01.28.03 SSH2 Clients Insecurely Store Passwords | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||