CVE-2003-0047

2003-02-0105:00:00

mitre

www.cve.org

AI Score

6.6

Confidence

Low

EPSS

0.001

Percentile

25.1%

JSON

SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX 2.1.2 and 2.0.4, and (3) Entunnel 1.0.2 and earlier, do not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials.

References

marc.info/?l=bugtraq&m=104386492422014&w=2

www.idefense.com/advisory/01.28.03.txt

www.securityfocus.com/bid/6726

www.securityfocus.com/bid/6727

www.securityfocus.com/bid/6728

www.securitytracker.com/id?1006010

www.securitytracker.com/id?1006011

www.securitytracker.com/id?1006012