Fabian Baeumer

**Name of the Vulnerable Software and Affected Versions** PuTTY versions through 0.75 **Description** The issue is related to insufficient authentication data verification in the implementation of the SSH protocol in PuTTY. This can allow a remote attacker to gain unauthorized access to protected information. Specifically, PuTTY proceeds with establishing an SSH session even if it has never sent a substantive authentication response, making it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt. This can be used to capture credential data for purposes undesired by the client user. **Recommendations** For PuTTY versions through 0.75, update to a version that addresses this issue to prevent unauthorized access. As a temporary workaround, consider disabling the use of SSH sessions until a patch is available. Restrict access to sensitive information and credentials when using PuTTY to minimize the risk of exploitation.