Home
|
FAQ
|
Feedback
|
Licence
|
Updates
|
Mirrors
|
Keys
|
Links
|
Team
Download:
Stable
·
Pre-release
·
Snapshot
|
Docs
|
Privacy
|
Changes
|
Wishlist
As reported in iDEFENSE Security Advisory 01.28.03, PuTTY 0.53b fails to scrub the password from a memory buffer after authentication, making it trivially easy for an attacker with access to a memory dump to recover the password. (This only applies when using SSH-2.)
This is fixed in the nightly development snapshots as of 2003-01-10, and will be fixed in the next stable release.
This vulnerability corresponds to CVE-2003-0048.