PT-2020-13830 · Simon Tatham+1 · Putty+1

Published: 2020-06-29 · Updated: 2024-04-25 · CVE-2020-14002

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

PuTTY versions 0.68 through 0.73

Description

The issue allows man-in-the-middle attackers to target initial connection attempts where no host key for the server has been cached by the client, due to an Observable Discrepancy leading to an information leak in the algorithm negotiation.

Recommendations

For PuTTY versions 0.68 through 0.73, update to a version that contains a fix for this issue to prevent information leaks during algorithm negotiation.

Fix

Side Channel Attack

Weakness Enumeration

Related Identifiers

ALT-PU-2021-1774
ALT-PU-2021-1860
ALT-PU-2023-4867
CVE-2020-14002
DLA-3794-1
MGASA-2020-0358
MGASA-2021-0380

Affected Products

Alt Linux
Putty