CVE-2021-36367 log

Severity Low
Remote Yes
Type Content spoofing
PuTTY before version 0.76 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt (that the attacker can use to capture credential data, and use that data for purposes that are undesired by the client user).
Group Package Affected Fixed Severity Status Ticket
AVG-2143 putty 0.75-1 0.76-1 Low Fixed
Date Advisory Group Package Severity Type
20 Jul 2021 ASA-202107-37 AVG-2143 putty Low content spoofing