FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

PuTTY -- Password vulnerability

Affected packages
0.59 <= putty < 0.62

Details

VuXML ID bbd5f486-24f1-11e1-95bc-080027ef73ec
Discovery 2011-12-10
Entry 2011-12-12
Modified 2013-08-07

Simon Tatham reports:

PuTTY 0.62 fixes a security issue present in 0.59, 0.60 and 0.61. If you log in using SSH-2 keyboard-interactive authentication (which is the usual method used by modern servers to request a password), the password you type was accidentally kept in PuTTY's memory for the rest of its run, where it could be retrieved by other processes reading PuTTY's memory, or written out to swap files or crash dumps.

[source]

References

CVE Name CVE-2011-4607
Message http://lists.tartarus.org/pipermail/putty-announce/2011/000017.html
URL http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/password-not-wiped.html

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.