Описание
SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX 2.1.2 and 2.0.4, and (3) Entunnel 1.0.2 and earlier, do not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.0.2 (включая)
Одно из
cpe:2.3:a:van_dyke_technologies:entunnel:*:*:*:*:*:*:*:*
cpe:2.3:a:van_dyke_technologies:securecrt:3.4.7:*:*:*:*:*:*:*
cpe:2.3:a:van_dyke_technologies:securecrt:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:van_dyke_technologies:securefx:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:van_dyke_technologies:securefx:2.1.2:*:*:*:*:*:*:*
EPSS
Процентиль: 24%
0.00081
Низкий
4.6 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
больше 3 лет назад
SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX 2.1.2 and 2.0.4, and (3) Entunnel 1.0.2 and earlier, do not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials.
EPSS
Процентиль: 24%
0.00081
Низкий
4.6 Medium
CVSS2
Дефекты
NVD-CWE-Other