CVE-2003-0047 Information

Description

SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7 (2) SecureFX 2.1.2 and 2.0.4 and (3) Entunnel 1.0.2 and earlier do not clear logon credentials from memory including plaintext passwords which could allow attackers with access to memory to steal the SSH credentials.

Reference

http://marc.info/?l=bugtraq&m=104386492422014&w=2 http://www.idefense.com/advisory/01.28.03.txt http://www.securityfocus.com/bid/6726 http://www.securityfocus.com/bid/6727 http://www.securityfocus.com/bid/6728 http://www.securitytracker.com/id?1006010 http://www.securitytracker.com/id?1006011 http://www.securitytracker.com/id?1006012