PT-2019-18704 · Mobaxterm · Mobaxterm Personal Edition

Y0Gesh_She1Ke +1 · Published 2019-05-13 · Updated 2019-05-15 · CVE-2019-7690

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
MobaXterm Personal Edition version 11.1 Build 3860

Description
The issue allows retrieval of the SSH private key and its password from process memory for the lifetime of the process, even after disconnection from the remote SSH server. This affects passwordless authentication with a password-protected SSH private key.

Recommendations
For MobaXterm Personal Edition version 11.1 Build 3860, consider disabling passwordless authentication that uses a password-protected SSH private key until a fix is available. Restrict access to sensitive information and limit the use of SSH private keys to minimize the risk of exploitation.

Related Identifiers

CVE-2019-7690

Affected Products

Mobaxterm Personal Edition