Lucene search
HistoryFeb 19, 2003 - 5:00 a.m.
CVE-2003-0048
putty
ssh
security
vulnerability
memory leak
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
6.5 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
25.1%
PuTTY 0.53b and earlier does not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials.
Affected configurations
Node
puttyputtyMatch0.48
ORputtyputtyMatch0.49
ORputtyputtyMatch0.53
ORputtyputtyMatch0.53b
| CPE | Name | Operator | Version |
|---|---|---|---|
| putty:putty | putty | eq | 0.48 |
| putty:putty | putty | eq | 0.49 |
| putty:putty | putty | eq | 0.53 |
| putty:putty | putty | eq | 0.53b |
Related
openvas
openvas
PuTTY SSH2 Authentication Password Persistence Weakness
2005-11-03 00:00:00
ubuntucve
ubuntucve
CVE-2003-0048
2003-02-19 00:00:00
debiancve
debiancve
CVE-2003-0048
2003-02-19 05:00:00
nvd
nvd
CVE-2003-0048
2003-02-19 05:00:00
cvelist
cvelist
CVE-2003-0048
2003-02-01 05:00:00
securityvulns
securityvulns
iDEFENSE Security Advisory 01.28.03: SSH2 Clients Insecurely Store Passwords
2003-01-30 00:00:00
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
6.5 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
25.1%
Related for CVE-2003-0048