Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.8
CVSSv2

CVE-2021-36367

Published: 09/07/2021 Updated: 25/04/2024
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.2 | Exploitability Score: 2.8
VMScore: 518
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Subscribe to Putty

Vulnerability Summary

PuTTY up to and including 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt (that the attacker can use to capture credential data, and use that data for purposes that are undesired by the client user).

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

putty putty

Vendor Advisories

Debian CVElist Bug Report Logs: putty: CVE-2021-36367
Debian Bug report logs - #990901 putty: CVE-2021-36367 Package: src:putty; Maintainer for src:putty is Colin Watson <cjwatson@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 10 Jul 2021 21:27:04 UTC Severity: important Tags: security, upstream Found in versions putty/063-10+deb8u1, put ...
Debian Security Advisories: DSA-5588-1 putty -- security update
Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol is prone to a prefix truncation attack, known as the Terrapin attack This attack allows a MITM attacker to effect a limited break of the integrity of the early encrypted SSH transport protocol by sending extra messages prior to the commencement of encryption, and d ...
Arch Linux Issues:
PuTTY through 075 proceeds with establishing an SSH session even if it has never sent a substantive authentication response This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt (that the attacker can use to capture credential data, and use that data for purposes that are undesired by the clie ...

Github Repositories

https://github.com/orgTestCodacy11KRepos110MB/repo-9277-ssh-mitm

SSH-MITM - ssh audits made simple ssh man-in-the-middle (ssh-mitm) server for security audits supporting publickey authentication, session hijacking and file manipulation Contributors Table of Contents Introduction Features Installation Quickstart Session hijacking Phishing FIDO Tokens Contributing Contact Introduction

https://github.com/MrE-Fog/ssh-mitm-2

SSH-MITM - ssh audits made simple ssh man-in-the-middle (ssh-mitm) server for security audits supporting publickey authentication, session hijacking and file manipulation Contributors Table of Contents Introduction Features Installation Quickstart Session hijacking Phishing FIDO Tokens Contributing Contact Introduction

https://github.com/retr0-13/ssh-mitm-server

SSH-MITM - ssh audits made simple ssh man-in-the-middle (ssh-mitm) server for security audits supporting publickey authentication, session hijacking and file manipulation Explore the docs » Table of Contents Introduction Features Installation Quickstart Session hijacking Publickey authentication Contributing Introduction

https://github.com/MrE-Fog/ssh-mitm-2e

SSH-MITM - ssh audits made simple ssh man-in-the-middle (ssh-mitm) server for security audits supporting publickey authentication, session hijacking and file manipulation Contributors Table of Contents Introduction Features Installation Quickstart Session hijacking Phishing FIDO Tokens Contributing Contact Introduction

https://github.com/ssh-mitm/ssh-mitm

SSH-MITM - ssh audits made simple

SSH-MITM - ssh audits made simple ssh man-in-the-middle (ssh-mitm) server for security audits supporting publickey authentication, session hijacking and file manipulation         Contributors Table of Contents Introduction Features Installation Quickstart Session hi

https://github.com/rohankumardubey/ssh-mitm

SSH-MITM - ssh audits made simple ssh man-in-the-middle (ssh-mitm) server for security audits supporting publickey authentication, session hijacking and file manipulation Explore the docs » Table of Contents Introduction Features Installation Quickstart Session hijacking Phishing FIDO Tokens Contributing Introduction S

https://github.com/manfred-kaiser/manfred-kaiser

SSH-MITM Server SSH-MITM is a man in the middle (mitm) server for security audits supporting public key authentication, session hijacking and file manipulation Installation SSH-MITM The first step to using any software package is getting it properly installed To install SSH-MITM, simply run this simple command in your terminal of choice: $ pip install ssh-mitm

References

CWE-345https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.htmlhttps://git.tartarus.org/?p=simon/putty.git%3Ba=commit%3Bh=1dc5659aa62848f0aeb5de7bd3839fecc7debefahttps://www.debian.org/security/2023/dsa-5588https://lists.debian.org/debian-lts-announce/2024/04/msg00016.htmlhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990901https://www.debian.org/security/2023/dsa-5588https://nvd.nist.govhttps://github.com/ssh-mitm/ssh-mitm
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322cross-site request forgeryunauthorizedCVE-2024-33925reflected XSSCVE-2023-51580CVE-2023-51579CVE-2015-2051CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook