CVE-2021-36367

Name of the Vulnerable Software and Affected Versions PuTTY versions through 0.75

Description The issue is related to insufficient authentication data verification in the implementation of the SSH protocol in PuTTY. This can allow a remote attacker to gain unauthorized access to protected information. Specifically, PuTTY proceeds with establishing an SSH session even if it has never sent a substantive authentication response, making it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt. This can be used to capture credential data for purposes undesired by the client user.

Recommendations For PuTTY versions through 0.75, update to a version that addresses this issue to prevent unauthorized access. As a temporary workaround, consider disabling the use of SSH sessions until a patch is available. Restrict access to sensitive information and credentials when using PuTTY to minimize the risk of exploitation.