Vulnerability Details CVE-2003-0047
SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX 2.1.2 and 2.0.4, and (3) Entunnel 1.0.2 and earlier, do not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 24.7%
CVSS Severity
CVSS v2 Score 4.6
References
- http://marc.info/?l=bugtraq&m=104386492422014&w=2
- http://www.idefense.com/advisory/01.28.03.txt
- http://www.securityfocus.com/bid/6726
- http://www.securityfocus.com/bid/6727
- http://www.securityfocus.com/bid/6728
- http://www.securitytracker.com/id?1006010
- http://www.securitytracker.com/id?1006011
- http://www.securitytracker.com/id?1006012
- http://marc.info/?l=bugtraq&m=104386492422014&w=2
- http://www.idefense.com/advisory/01.28.03.txt
- http://www.securityfocus.com/bid/6726
- http://www.securityfocus.com/bid/6727
- http://www.securityfocus.com/bid/6728
- http://www.securitytracker.com/id?1006010
- http://www.securitytracker.com/id?1006011
- http://www.securitytracker.com/id?1006012
Products affected by CVE-2003-0047
-
cpe:2.3:a:van_dyke_technologies:entunnel:*
-
cpe:2.3:a:van_dyke_technologies:securecrt:3.4.7
-
cpe:2.3:a:van_dyke_technologies:securecrt:4.0.2
-
cpe:2.3:a:van_dyke_technologies:securefx:2.0.4
-
cpe:2.3:a:van_dyke_technologies:securefx:2.1.2