PuTTY Password Local Information Disclosure
Low Nessus Plugin ID 57365
SynopsisThe remote Windows host has an SSH client that is affected by an information disclosure vulnerability.
DescriptionThe remote host has an installation of PuTTY between 0.59 and 0.61, inclusive. Such versions are known to contain an information disclosure issue, where PuTTY neglects to wipe passwords from memory that it no longer requires.
Note that to exploit this vulnerability, a malicious, local process must have permission to access the memory assigned to the PuTTY process.
SolutionUpgrade to PuTTY version 0.62.0.0 or later.