CVE-2003-0047

SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX 2.1.2 and 2.0.4, and (3) Entunnel 1.0.2 and earlier, do not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials.

Published: Feb 19, 2003
Updated: Apr 13, 2023
CVE: CVE-2003-0047
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
van_dyke_technologies / securecrt	4.0.2	4.0.2.x
van_dyke_technologies / securefx	2.1.2	2.1.2.x
van_dyke_technologies / securefx	2.0.4	2.0.4.x
van_dyke_technologies / entunnel	-	1.0.2.x
van_dyke_technologies / securecrt	3.4.7	3.4.7.x

http://marc.info/?l=bugtraq&m=104386492422014&w=2
http://www.idefense.com/advisory/01.28.03.txt
http://www.securityfocus.com/bid/6726
http://www.securityfocus.com/bid/6727
http://www.securityfocus.com/bid/6728
http://www.securitytracker.com/id?1006010
http://www.securitytracker.com/id?1006011
http://www.securitytracker.com/id?1006012

Vulnerability Database

289,599

CVE-2003-0047