CVE-2021-36367 - log

CVE-2021-36367 edited at 20 Jul 2021 08:41:22
Severity
- Medium
+ Low
CVE-2021-36367 edited at 17 Jul 2021 22:57:36
Description
- PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt (that the attacker can use to capture credential data, and use that data for purposes that are undesired by the client user).
+ PuTTY before version 0.76 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt (that the attacker can use to capture credential data, and use that data for purposes that are undesired by the client user).
CVE-2021-36367 edited at 10 Jul 2021 19:07:42
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Content spoofing
Description
+ PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt (that the attacker can use to capture credential data, and use that data for purposes that are undesired by the client user).
References
+ https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=1dc5659aa62848f0aeb5de7bd3839fecc7debefa
Notes
CVE-2021-36367 created at 10 Jul 2021 19:05:17