Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
AbsoluteTelnet SSH2 client does not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Celestial Software AbsoluteTelnet SSH2验证本地密码泄露漏洞
Vulnerability Description
AbsoluteTelnet是一款终端客户程序,支持多种协议包括Telnet、SSH1、SSH2等,可使用在Win32平台下。 AbsoluteTelnet没有安全处理密码信息,本地攻击者可以利用这个漏洞恢复用户验证密码信息。 AbsoluteTelnet没有正确处理内存中的信息,允许本地攻击者访问内存或Dump内存信息而获得验证信息。当通过SSH2连接服务器时,攻击者可以搜索内存获得登录信息。通过搜索第一次出现的字符串"password",就可以获得密码信息,因为用户的密码信息以明文方式存储在此字符串之
CVSS Information
N/A
Vulnerability Type
N/A