CVE-2021-36367

CVE-2021-36367

PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt (that the attacker can use to capture credential data, and use that data for purposes that are undesired by the client user).

Source: CVE-2021-36367

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다