| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: dendler at idefense.com (David Endler) Subject: iDEFENSE Security Advisory 01.28.03: SSH2 Clients Insecurely Store Passwords -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Indeed, it is vulnerable in the same way as PuTTy. I've contacted the author, Martin Prikryl, who can hopefully turn around an update quickly. - -dave > -----Original Message----- > From: Michael Renzmann [mailto:security@...anic.de] > Sent: Wednesday, January 29, 2003 1:25 PM > To: full-disclosure@...ts.netsys.com > Subject: Re: [Full-Disclosure] iDEFENSE Security Advisory > 01.28.03: SSH2 > Clients Insecurely Store Passwords > > > Hi. > > iDEFENSE Labs wrote: > [...] > > PuTTY is a free implementation of Telnet and SSH for Win32 > platforms, > > along with an xterm terminal emulator. More information is > available at > > http://www.chiark.greenend.org.uk/~sgtatham/putty/. > [...] > > AFAIK WinSCP2 is a program that relies on the codebase of PuTTY. Has > anyone information if WinSCP2 is also "vulnerable" to this? -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 Comment: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE4A96E4F iQA/AwUBPjlK8ErdNYRLCswqEQJZtQCgiZBZGExJRcHRTa766nuIREIKukEAoPZ0 7PSqPP5P+rnTl4Lh2/tcbuGO =UAQe -----END PGP SIGNATURE-----
Powered by blists - more mailing lists