Mirrors | Updates | Feedback | Changes | Wishlist | Team
As reported in iDEFENSE Security Advisory 01.28.03, PuTTY 0.53b fails to scrub the password from a memory buffer after authentication, making it trivially easy for an attacker with access to a memory dump to recover the password. (This only applies when using SSH-2.)
This is fixed in the nightly development snapshots as of 2003-01-10, and will be fixed in the next stable release.
This vulnerability corresponds to CVE CVE-2003-0048 .
Audit trail for this vulnerability.