CVE-2003-0046

Description

AbsoluteTelnet SSH2 client does not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials.

Affected products

• Celestial Software / AbsoluteTelnet2.11 – 2.11

References

• MAILING_LISThttp://marc.info/?l=bugtraq&m=104386492422014&w=2
• MISChttp://www.celestialsoftware.net/telnet/beta_software.html
• MISChttp://www.osvdb.org/7686
• MISChttp://www.securitytracker.com/id?1006013
• MISChttp://www.securityfocus.com/bid/6725
• MISChttp://www.idefense.com/advisory/01.28.03.txt