Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt (that the attacker can use to capture credential data, and use that data for purposes that are undesired by the client user).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PuTTY 数据伪造问题漏洞
Vulnerability Description
PuTTY是Simon Tatham个人开发者的一套免费的Telnet、Rlogin和SSH客户端软件。该软件主要用于对Linux系统进行远程管理。 PuTTY 存在安全漏洞,该漏洞源于PuTTY从未发送过实质性的身份验证响应时,也会继续建立SSH会话。攻击者可利用该漏洞导致控制的SSH服务器更容易在稍后提供欺骗身份验证提示(使用该提示捕获凭证数据,并将该数据用于客户机用户不希望的目的)。
CVSS Information
N/A
Vulnerability Type
N/A