Full Disclosure mailing list archives
RE: iDEFENSE Security Advisory 01.28.03: SSH2 Clients Insecurely Store Passwords
From: David Endler <dendler () idefense com>
Date: Thu, 30 Jan 2003 11:00:24 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Indeed, it is vulnerable in the same way as PuTTy. I've contacted the author, Martin Prikryl, who can hopefully turn around an update quickly. - -dave
-----Original Message----- From: Michael Renzmann [mailto:security () dylanic de] Sent: Wednesday, January 29, 2003 1:25 PM To: full-disclosure () lists netsys com Subject: Re: [Full-disclosure] iDEFENSE Security Advisory 01.28.03: SSH2 Clients Insecurely Store Passwords Hi. iDEFENSE Labs wrote: [...]PuTTY is a free implementation of Telnet and SSH for Win32platforms,along with an xterm terminal emulator. More information isavailable athttp://www.chiark.greenend.org.uk/~sgtatham/putty/.[...] AFAIK WinSCP2 is a program that relies on the codebase of PuTTY. Has anyone information if WinSCP2 is also "vulnerable" to this?
-----BEGIN PGP SIGNATURE----- Version: PGP 8.0 Comment: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE4A96E4F iQA/AwUBPjlK8ErdNYRLCswqEQJZtQCgiZBZGExJRcHRTa766nuIREIKukEAoPZ0 7PSqPP5P+rnTl4Lh2/tcbuGO =UAQe -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- iDEFENSE Security Advisory 01.28.03: SSH2 Clients Insecurely Store Passwords iDEFENSE Labs (Jan 29)
- Re: iDEFENSE Security Advisory 01.28.03: SSH2 Clients Insecurely Store Passwords Michael Renzmann (Jan 29)
- <Possible follow-ups>
- Re: iDEFENSE Security Advisory 01.28.03: SSH2 Clients Insecurely Store Passwords auto68182 (Jan 30)
- RE: iDEFENSE Security Advisory 01.28.03: SSH2 Clients Insecurely Store Passwords David Endler (Jan 30)