Unrated severityNVD Advisory· Published Jul 9, 2021· Updated Aug 4, 2024
CVE-2021-36367
CVE-2021-36367
Description
PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt (that the attacker can use to capture credential data, and use that data for purposes that are undesired by the client user).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- PuTTY/PuTTYdescription
Patches
Vulnerability mechanics
References
4- www.debian.org/security/2023/dsa-5588mitrevendor-advisory
- lists.debian.org/debian-lts-announce/2024/04/msg00016.htmlmitremailing-list
- git.tartarus.orgmitre
- www.chiark.greenend.org.uk/~sgtatham/putty/changes.htmlmitre
News mentions
0No linked articles in our index yet.