Vulnerability Details : CVE-2003-0048
PuTTY 0.53b and earlier does not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials.
Products affected by CVE-2003-0048
- cpe:2.3:a:putty:putty:0.48:*:*:*:*:*:*:*
- cpe:2.3:a:putty:putty:0.53:*:*:*:*:*:*:*
- cpe:2.3:a:putty:putty:0.49:*:*:*:*:*:*:*
- cpe:2.3:a:putty:putty:0.53b:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2003-0048
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 23 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2003-0048
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.6
|
MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
3.9
|
6.4
|
NIST |
References for CVE-2003-0048
-
http://www.idefense.com/advisory/01.28.03.txt
U.S. | Let There Be Change | AccenturePatch;Vendor Advisory
-
http://marc.info/?l=bugtraq&m=104386492422014&w=2
'iDEFENSE Security Advisory 01.28.03: SSH2 Clients Insecurely Store Passwords' - MARC
-
http://www.securitytracker.com/id?1006014
GoDaddy Domain Name Search
-
http://www.securityfocus.com/bid/6724
Jump to