Name of the Vulnerable Software and Affected Versions putty versions prior to 0.72

Description The issue affects the obsolete SSH-1 protocol and is available before host key checking. Additionally, there is a vulnerability in all the SSH client tools, including PuTTY, Plink, PSFTP, and PSCP, if a malicious program can impersonate Pageant. A crash can also occur in GSSAPI / Kerberos key exchange if the server provides an ordinary SSH host key as part of the exchange.

Recommendations For putty versions prior to 0.72, update to version 0.72 or later to resolve the issues. As a temporary workaround, consider restricting access to the SSH-1 protocol and be cautious of malicious programs impersonating Pageant. Restrict the use of GSSAPI / Kerberos key exchange until the update is applied.