Name of the Vulnerable Software and Affected Versions putty versions prior to 0.72

Description The issue affects the obsolete SSH-1 protocol and is available before host key checking. Additionally, there is a vulnerability in all the SSH client tools if a malicious program can impersonate Pageant. A crash can also occur in GSSAPI / Kerberos key exchange if the server provided an ordinary SSH host key as part of the exchange.

Recommendations For putty versions prior to 0.72, update to version 0.72 or later to resolve the issues. As a temporary workaround, consider restricting access to the SSH client tools until the update is applied. Avoid using the SSH-1 protocol if possible, and ensure that Pageant is properly secured to prevent impersonation.