lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: auto68182 at hushmail.com (auto68182@...hmail.com) Subject: Re: iDEFENSE Security Advisory 01.28.03: SSH2 Clients Insecurely Store Passwords -----BEGIN PGP SIGNED MESSAGE----- > II. DESCRIPTION > > AbsoluteTelnet, SecureCRT, Entunnel, SecureFx, and PuTTY do not properly > scrub memory allowing an attacker with access to memory or a memory dump > to retrieve authentication information. > > When connected via SSH2, an attacker can search memory or a memory dump > for logon credentials. Passwords transmitted by PuTTY can be found by > searching for the second occurrence of the string "password:". The user's > password is stored in plaintext shortly after this string. Passwords > transmitted by SecureCRT can be found by searching for the string > "ssh-connection". The logon and password is stored in plaintext on the > respective sides of this keyword. Passwords transmitted by AbsoluteTelnet > can be found by searching for the first occurrence of the string > "Password", that lies in a segment of read/write memory. The logon and > password is stored in plaintext on the respective sides of this keyword. Gee, that's a handy vulnerability. Guess what - if I can read an FTP daemon's memory I can recover usernames and passwords too, and encrypted password hashes. If I'm in a windows box and I can dump the putty process's memory I bet you I could just install a keystroke logger anyway. Did someone sell you this 'hole' iDefense ? If so I have a number of similar ones for sale.. -----BEGIN PGP SIGNATURE----- Version: Hush 2.2 (Java) Note: This signature can be verified at https://www.hushtools.com/verify wl4EARECAB4FAj45RK4XHGF1dG82ODE4MkBodXNobWFpbC5jb20ACgkQBZyBylmlHvkU cgCfQ/8yhBXNBYveexXvGTE+jn0KOqAAmwUlaSuRVBVWVW1VYOL28CbmJtKJ =VTdI -----END PGP SIGNATURE----- Concerned about your privacy? Follow this link to get FREE encrypted email: https://www.hushmail.com/?l=2 Big $$$ to be made with the HushMail Affiliate Program: https://www.hushmail.com/about.php?subloc=affiliate&l=427
Powered by blists - more mailing lists