Lucene search
HistoryFeb 19, 2003 - 5:00 a.m.
CVE-2003-0047
CVSS2
4.6
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.6
Confidence
Low
EPSS
0.001
Percentile
25.1%
SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX 2.1.2 and 2.0.4, and (3) Entunnel 1.0.2 and earlier, do not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials.
Affected configurations
Node
van_dyke_technologiesentunnelRange≤1.0.2
ORvan_dyke_technologiessecurecrtMatch3.4.7
ORvan_dyke_technologiessecurecrtMatch4.0.2
ORvan_dyke_technologiessecurefxMatch2.0.4
ORvan_dyke_technologiessecurefxMatch2.1.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| van_dyke_technologies | entunnel | * | cpe:2.3:a:van_dyke_technologies:entunnel:*:*:*:*:*:*:*:* |
| van_dyke_technologies | securecrt | 3.4.7 | cpe:2.3:a:van_dyke_technologies:securecrt:3.4.7:*:*:*:*:*:*:* |
| van_dyke_technologies | securecrt | 4.0.2 | cpe:2.3:a:van_dyke_technologies:securecrt:4.0.2:*:*:*:*:*:*:* |
| van_dyke_technologies | securefx | 2.0.4 | cpe:2.3:a:van_dyke_technologies:securefx:2.0.4:*:*:*:*:*:*:* |
| van_dyke_technologies | securefx | 2.1.2 | cpe:2.3:a:van_dyke_technologies:securefx:2.1.2:*:*:*:*:*:*:* |
Related
cve
cve
CVE-2003-0047
2003-02-19 05:00:00
cvelist
cvelist
CVE-2003-0047
2003-02-01 05:00:00
securityvulns
securityvulns
iDEFENSE Security Advisory 01.28.03: SSH2 Clients Insecurely Store Passwords
2003-01-30 00:00:00
CVSS2
4.6
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.6
Confidence
Low
EPSS
0.001
Percentile
25.1%
Related for NVD:CVE-2003-0047