Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0047

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2003-0047
Last Modified 10 Sep 2008 08:05:26
Published 19 Feb 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2003-0047

Summary

SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX 2.1.2 and 2.0.4, and (3) Entunnel 1.0.2 and earlier, do not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials.

Vulnerable Systems

Application

  • Van Dyke Technologies Entunnel 1.0.2

  • Van Dyke Technologies Securecrt 3.4.7

  • Van Dyke Technologies Securecrt 4.0.2

  • Van Dyke Technologies Securefx 2.0.4

  • Van Dyke Technologies Securefx 2.1.2


References

MISC - http://www.idefense.com/advisory/01.28.03.txt

BUGTRAQ - 20030129 iDEFENSE Security Advisory 01.28.03: SSH2 Clients Insecurely Store Passwords

SECTRACK - 1006012

SECTRACK - 1006011

SECTRACK - 1006010

BID - 6728

BID - 6727

BID - 6726


Last Updated: 27 May 2016 10:37:46