> II. DESCRIPTION
>
> AbsoluteTelnet, SecureCRT, Entunnel, SecureFx, and PuTTY do not properly
> scrub memory allowing an attacker with access to memory or a memory dump
> to retrieve authentication information.
>
> When connected via SSH2, an attacker can search memory or a memory dump
> for logon credentials. Passwords transmitted by PuTTY can be found by
> searching for the second occurrence of the string "password:". The user's
> password is stored in plaintext shortly after this string. Passwords
> transmitted by SecureCRT can be found by searching for the string
> "ssh-connection". The logon and password are stored in plaintext on the
> respective sides of this keyword. Passwords transmitted by AbsoluteTelnet
> can be found by searching for the first occurrence of the string
> "Password", that lies in a segment of read/write memory. The logon and
> password are stored in plaintext on the respective sides of this keyword.

Gee, that's a handy vulnerability. Guess what - if I can read an FTP
daemon's memory I can recover usernames and passwords too, and encrypted
password hashes. If I'm in a Windows box and I can dump the PuTTY
process's memory I bet you I could just install a keystroke logger anyway.

Did someone sell you this 'hole', iDefense? If so I have a number of
similar ones for sale..

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
This archive was generated by hypermail 2b30 : Thu Jan 30 2003 - 08:41:55 PST
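
The scrubbing the quoted advisory says is missing, as an added example that is not part of the original message or of any of the named clients' code: a wipe the compiler cannot optimize away, with a check that the credential is no longer findable in the buffer afterwards. The buffer layout, function names and sample password are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Overwrite n bytes through a volatile pointer so the compiler cannot
   drop the stores as dead code, which it may do with a plain memset()
   on a buffer that is never read again. Platform equivalents include
   explicit_bzero() and SecureZeroMemory(). */
static void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

/* Return 1 if needle occurs anywhere in the n-byte region, else 0.
   Compares raw bytes, so embedded NULs do not stop the scan. */
static int region_contains(const unsigned char *mem, size_t n, const char *needle)
{
    size_t len = strlen(needle);
    if (len == 0 || len > n) return 0;
    for (size_t i = 0; i + len <= n; i++)
        if (memcmp(mem + i, needle, len) == 0) return 1;
    return 0;
}

/* Simulated session: the prompt and the typed password share one buffer
   (constructed layout). With scrub != 0 the used bytes are wiped once the
   credential has been sent. Returns 1 if the password is still present. */
static int password_survives(int scrub)
{
    static unsigned char session[128];   /* stands in for client memory */
    const char *typed = "Tr0ub4dor&3";   /* constructed sample credential */
    memset(session, 0, sizeof session);
    int len = snprintf((char *)session, sizeof session, "password: %s", typed);
    /* ... the authentication exchange would happen here ... */
    if (scrub) secure_wipe(session, (size_t)len);
    return region_contains(session, sizeof session, typed);
}

int main(void)
{
    printf("without scrub: %d\n", password_survives(0));
    printf("with scrub:    %d\n", password_survives(1));
    return 0;
}
```

Scrubbing shortens the window in which a memory dump yields the password; it does not address the keystroke-logger case raised in the reply.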