Putty < 0.54 SSH2 Authentication Password Persistence Weakness
Low Nessus Network Monitor Plugin ID 1999
SynopsisThe remote host is vulnerable to a flaw that allows attackers to retrieve sensitive files or data.
DescriptionThe remote host is using a vulnerable version of PuTTY, a SSH client built for Linux and UNIX variants as well as Microsoft Windows operation systems. It has been reported that PuTTY does not safely handle password information. As a result, a local user may be able to recover authentication passwords.
SolutionUpgrade to PuTTY 0.54 or higher.