Full Disclosure mailing list archives

Re: iDEFENSE Security Advisory 01.28.03: SSH2 Clients Insecurely Store Passwords

From: Michael Renzmann <security () dylanic de>
Date: Wed, 29 Jan 2003 19:25:22 +0100

Hi.

iDEFENSE Labs wrote:
[...]

PuTTY is a free implementation of Telnet and SSH for Win32 platforms,
along with an xterm terminal emulator. More information is available at
http://www.chiark.greenend.org.uk/~sgtatham/putty/.

[...]

AFAIK WinSCP2 is a program that relies on the codebase of PuTTY. Hasanyone information if WinSCP2 is also "vulnerable" to this?


Bye, Mike

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

iDEFENSE Security Advisory 01.28.03: SSH2 Clients Insecurely Store Passwords iDEFENSE Labs (Jan 29)
- Re: iDEFENSE Security Advisory 01.28.03: SSH2 Clients Insecurely Store Passwords Michael Renzmann (Jan 29)
- <Possible follow-ups>
- Re: iDEFENSE Security Advisory 01.28.03: SSH2 Clients Insecurely Store Passwords auto68182 (Jan 30)
- RE: iDEFENSE Security Advisory 01.28.03: SSH2 Clients Insecurely Store Passwords David Endler (Jan 30)