Summary
The host is installed with PuTTY and is prone to information disclosure vulnerability.
Impact
Successful exploitation will allow local attacker to read the passwords within the memory in clear text until the program stops running.
Solution
Upgrade to version 0.62 or later,
For updates refer to http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
Insight
Flaw is due to improper handling of session passwords that were stored in the memory during the keyboard-interactive authentication
Affected
PuTTY version 0.59 before 0.62 on Windows
Detection
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2011-4607 -
CVSS Base Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities