PT-2019-18704 · Mobaxterm · Mobaxterm Personal Edition
Y0Gesh_She1Ke +1 · Published 2019-05-13 · Updated 2019-05-15 · CVE-2019-7690
CVSS v3.1: 9.8 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
MobaXterm Personal Edition version 11.1 Build 3860
Description
The issue allows retrieval of the SSH private key and its password from process memory for the lifetime of the process, even after disconnection from the remote SSH server. This affects passwordless authentication with a password-protected SSH private key.
Recommendations
For MobaXterm Personal Edition version 11.1 Build 3860, consider disabling passwordless authentication that uses a password-protected SSH private key until a fix is available. Restrict access to sensitive information and limit the use of SSH private keys to minimize the risk of exploitation.
Affected Products
MobaXterm Personal Edition