PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt (that the attacker can use to capture credential data, and use that data for purposes that are undesired by the client user).
                
            References
                    Configurations
                    History
                    No history.
Information
                Published : 2021-07-09 21:15
Updated : 2024-11-21 06:13
NVD link : CVE-2021-36367
Mitre link : CVE-2021-36367
CVE.ORG link : CVE-2021-36367
JSON object : View
Products Affected
                putty
- putty
CWE
                
                    
                        
                        CWE-345
                        
            Insufficient Verification of Data Authenticity
