This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.
The remote Windows host has an SSH client that is affected by multiple
information disclosure vulnerabilities.
The remote host has a version of PuTTY installed that is prior to
0.64. It is, therefore, affected by multiple vulnerabilities :
- An information disclosure vulnerability exists due to a
failure to clear SSH-2 private key information from the
memory during the saving or loading of key files to
disk. A local attacker can exploit this to disclose
potentially sensitive information. (CVE-2015-2157)
- An information disclose vulnerability exists in the
Diffie-Hellman Key Exchange due to a failure to properly
handle 0 value keys sent by the server. A
man-in-the-middle attacker can exploit this to disclose
potentially sensitive information. (VulnDB 136167)
See also :
Upgrade to PuTTY version 0.64 or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true