PuTTY Password Local Information Disclosure

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an SSH client that is affected by an
information disclosure vulnerability.

Description :

The remote host has an installation of PuTTY between 0.59 and 0.61,
inclusive. Such versions are known to contain an information
disclosure issue, where PuTTY neglects to wipe passwords from memory
that it no longer requires.

Note that to exploit this vulnerability, a malicious, local process
must have permission to access the memory assigned to the PuTTY
process.
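The flaw class described above, as an added example that is not PuTTY's code or the plugin's check: a password buffer released without clearing still holds the secret, while clearing it through a volatile pointer first leaves nothing to read. The fixed-slot allocator, function names and sample password are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for process memory: one fixed slot, so the bytes
 * left behind after release can be inspected without undefined behaviour. */
#define SLOT_SIZE 64
static unsigned char slot[SLOT_SIZE];
static int slot_in_use;

static char *slot_alloc(void)
{
    if (slot_in_use) return NULL;
    slot_in_use = 1;
    return (char *)slot;
}

/* The flawed pattern: the buffer is released but its bytes are left as-is. */
static void release_no_wipe(void) { slot_in_use = 0; }

/* Zero through a volatile pointer so the compiler cannot discard the
 * stores as dead writes to memory that is about to be released. */
static void release_with_wipe(void *p, size_t n)
{
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
    slot_in_use = 0;
}

/* Runs one simulated password prompt. Returns 1 if the password is still
 * readable in the slot after release, 0 if not, -1 on bad input. */
int password_survives(const char *pw, int wipe)
{
    size_t n = strlen(pw);
    char *buf = slot_alloc();
    if (buf == NULL) return -1;
    if (n == 0 || n >= SLOT_SIZE) { release_with_wipe(buf, SLOT_SIZE); return -1; }
    memcpy(buf, pw, n + 1);            /* password now lives in the buffer */
    /* ... authentication would consume buf here ... */
    if (wipe) release_with_wipe(buf, SLOT_SIZE);
    else      release_no_wipe();
    return memcmp(slot, pw, n) == 0;   /* what a memory reader would find */
}

int main(void)
{
    const char *pw = "constructed-pw-123";   /* constructed sample value */
    printf("no wipe: %d\n", password_survives(pw, 0));
    printf("wipe:    %d\n", password_survives(pw, 1));
    return 0;
}
```

A plain memset() immediately before releasing a buffer can be removed by an optimizing compiler as a dead store, which is why the wipe goes through a volatile pointer.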

See also :

http://www.nessus.org/u?d29e474b

Solution :

Upgrade to PuTTY version 0.62.0.0 or later.

Risk factor :

Low / CVSS Base Score : 2.1
(CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 1.6
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 57365

Bugtraq ID: 51021

CVE ID: CVE-2011-4607
