CVE-2003-0047 - OpenCVE

SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX 2.1.2 and 2.0.4, and (3) Entunnel 1.0.2 and earlier, do not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Van Dyke Technologies	Securecrt Entunnel Securefx

Configuration 1 [-]

OR	cpe:2.3:a:van_dyke_technologies:entunnel::::::::
	cpe:2.3:a:van_dyke_technologies:securecrt:3.4.7:::::::*
	cpe:2.3:a:van_dyke_technologies:securecrt:4.0.2:::::::*
	cpe:2.3:a:van_dyke_technologies:securefx:2.0.4:::::::*
	cpe:2.3:a:van_dyke_technologies:securefx:2.1.2:::::::*

References

Link	Resource
http://marc.info/?l=bugtraq&m=104386492422014&w=2
http://www.idefense.com/advisory/01.28.03.txt	Patch Vendor Advisory
http://www.securityfocus.com/bid/6726
http://www.securityfocus.com/bid/6727
http://www.securityfocus.com/bid/6728
http://www.securitytracker.com/id?1006010
http://www.securitytracker.com/id?1006011
http://www.securitytracker.com/id?1006012

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2003-02-01T05:00:00

Updated: 2016-10-17T13:57:01

Reserved: 2003-01-28T00:00:00

Link: CVE-2003-0047

JSON object: View

NVD Information

Status : Modified

Published: 2003-02-19T05:00:00.000

Modified: 2016-10-18T02:28:45.217

Link: CVE-2003-0047

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2003-01-29T00:00:00", "descriptions": [{"lang": "en", "value": "SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX 2.1.2 and 2.0.4, and (3) Entunnel 1.0.2 and earlier, do not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20030129 iDEFENSE Security Advisory 01.28.03: SSH2 Clients Insecurely Store Passwords", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=104386492422014&w=2"}, {"name": "6727", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/6727"}, {"name": "6728", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/6728"}, {"name": "1006011", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1006011"}, {"name": "1006010", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1006010"}, {"name": "1006012", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1006012"}, {"tags": ["x_refsource_MISC"], "url": "http://www.idefense.com/advisory/01.28.03.txt"}, {"name": "6726", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/6726"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0047", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX 2.1.2 and 2.0.4, and (3) Entunnel 1.0.2 and earlier, do not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20030129 iDEFENSE Security Advisory 01.28.03: SSH2 Clients Insecurely Store Passwords", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=104386492422014&w=2"}, {"name": "6727", "refsource": "BID", "url": "http://www.securityfocus.com/bid/6727"}, {"name": "6728", "refsource": "BID", "url": "http://www.securityfocus.com/bid/6728"}, {"name": "1006011", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1006011"}, {"name": "1006010", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1006010"}, {"name": "1006012", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1006012"}, {"name": "http://www.idefense.com/advisory/01.28.03.txt", "refsource": "MISC", "url": "http://www.idefense.com/advisory/01.28.03.txt"}, {"name": "6726", "refsource": "BID", "url": "http://www.securityfocus.com/bid/6726"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0047", "datePublished": "2003-02-01T05:00:00", "dateReserved": "2003-01-28T00:00:00", "dateUpdated": "2016-10-17T13:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:van_dyke_technologies:entunnel:*:*:*:*:*:*:*:*", "matchCriteriaId": "503444E8-431B-48A9-BF7E-A8DD3FF47E0A", "versionEndIncluding": "1.0.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:van_dyke_technologies:securecrt:3.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "9F4B4CAB-77BB-49F4-B72D-C077DB8803B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:van_dyke_technologies:securecrt:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "FC7CC992-1650-40C4-9465-A4B3DB6689C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:van_dyke_technologies:securefx:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "BD1D6B50-6F7E-4750-BC24-22F823E34454", "vulnerable": true}, {"criteria": "cpe:2.3:a:van_dyke_technologies:securefx:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0858A846-9044-4360-A214-A4F7785532CF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX 2.1.2 and 2.0.4, and (3) Entunnel 1.0.2 and earlier, do not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials."}, {"lang": "es", "value": "Los clientes SSH2 de VanDyke SecureCRT 4.0.2 y 3.4.5, SecureFX 2.1.2 y 2.0.4, y Entunnel 1.02 y anteriores, no borran los credenciales de inicio de sesi\u00f3n de memoria, incluyendo contrase\u00f1as en texto claro, lo que podr\u00eda permitir a atacantes con acceso a memoria robar los credenciales SSH."}], "id": "CVE-2003-0047", "lastModified": "2016-10-18T02:28:45.217", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2003-02-19T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=104386492422014&w=2"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.idefense.com/advisory/01.28.03.txt"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/6726"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/6727"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/6728"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1006010"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1006011"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1006012"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}