CVE-2021-36367

CVSS 8.1 HIGH · EPSS 1.1% · CWE-345
In short

PuTTY allows SSH connections to proceed without proper authentication verification, making it easier for fake SSH servers to trick users into entering passwords that attackers can steal.

Technical detail

PuTTY does not check that it has actually sent a substantive authentication response (a password, key or other real credential) before it treats the SSH session as established. An attacker-controlled SSH server can therefore accept the connection immediately and then present a spoofed authentication prompt inside the session to capture the credentials the user types. The attack requires the user to connect to the malicious server, but it allows the intercepted credentials to be used for purposes the user never intended.

Summary generated and translated by AI from the official description.

Official description

PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt (that the attacker can use to capture credential data, and use that data for purposes that are undesired by the client user).
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
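The check the official description is about, modelled as an added example (hypothetical code, not PuTTY's source): the client replays the userauth exchange and, when hardened, refuses a session in which the server sent USERAUTH_SUCCESS before the client had sent anything beyond a "none" probe. The message numbers are from RFC 4252; the transcripts are constructed.

```python
# Added model (hypothetical, not PuTTY's code) of the client-side check
# behind CVE-2021-36367: did the client send a substantive
# SSH_MSG_USERAUTH_REQUEST before the server's USERAUTH_SUCCESS?
SSH_MSG_USERAUTH_REQUEST = 50   # RFC 4252 message numbers
SSH_MSG_USERAUTH_FAILURE = 51
SSH_MSG_USERAUTH_SUCCESS = 52
TRIVIAL_METHODS = {"none"}      # "none" only probes for methods; it carries no credential


def evaluate_userauth(transcript, enforce=True):
    """Replay (direction, msg_type, method) tuples; direction is "C" or "S".

    Returns ("established", reason) or ("refused", reason). enforce=False
    mirrors the vulnerable client: USERAUTH_SUCCESS is honoured no matter
    what the client has actually sent.
    """
    substantive_sent = False
    for direction, msg, method in transcript:
        if direction == "C" and msg == SSH_MSG_USERAUTH_REQUEST:
            substantive_sent |= method not in TRIVIAL_METHODS
        elif direction == "S" and msg == SSH_MSG_USERAUTH_SUCCESS:
            if enforce and not substantive_sent:
                return ("refused", "trivial authentication: server accepted "
                        "before any credential was sent")
            return ("established", "authenticated")
    return ("refused", "server never sent USERAUTH_SUCCESS")


# Constructed transcripts, not captured traffic.
# Normal exchange: "none" probe, FAILURE listing methods, password, SUCCESS.
NORMAL = [
    ("C", SSH_MSG_USERAUTH_REQUEST, "none"),
    ("S", SSH_MSG_USERAUTH_FAILURE, None),
    ("C", SSH_MSG_USERAUTH_REQUEST, "password"),
    ("S", SSH_MSG_USERAUTH_SUCCESS, None),
]
# Attacker-controlled server: accepts the "none" probe outright. The user has
# typed nothing yet, so any "password:" prompt shown later inside the session
# is the server's text, not PuTTY's own authentication prompt.
TRIVIAL = [
    ("C", SSH_MSG_USERAUTH_REQUEST, "none"),
    ("S", SSH_MSG_USERAUTH_SUCCESS, None),
]

if __name__ == "__main__":
    print("vulnerable client, trivial auth:", evaluate_userauth(TRIVIAL, enforce=False))
    print("hardened client, trivial auth:  ", evaluate_userauth(TRIVIAL))
    print("hardened client, normal auth:   ", evaluate_userauth(NORMAL))
```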
Affected products
n/a · n/a
