ID CVE-2003-0047
Summary SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX 2.1.2 and 2.0.4, and (3) Entunnel 1.0.2 and earlier, do not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials.
References
Vulnerable Configurations
  • cpe:2.3:a:van_dyke_technologies:entunnel:*:*:*:*:*:*:*:*
  • cpe:2.3:a:van_dyke_technologies:securecrt:3.4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:van_dyke_technologies:securecrt:4.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:van_dyke_technologies:securefx:2.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:van_dyke_technologies:securefx:2.1.2:*:*:*:*:*:*:*
CVSS
Base: 4.6 (as of 18-10-2016 - 02:28)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: LOCAL
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid
  • 6726
  • 6727
  • 6728
bugtraq 20030129 iDEFENSE Security Advisory 01.28.03: SSH2 Clients Insecurely Store Passwords
misc http://www.idefense.com/advisory/01.28.03.txt
sectrack
  • 1006010
  • 1006011
  • 1006012
Last major update 18-10-2016 - 02:28
Published 19-02-2003 - 05:00
Last modified 18-10-2016 - 02:28