mailing list archives
Re: PuTTY private key passphrase stealing attack
From: Joachim Schipper <joachim () joachimschipper nl>
Date: Tue, 1 Jun 2010 12:03:00 +0200
On Tue, Jun 01, 2010 at 02:47:07AM +0200, Jan Schejbal wrote:
PuTTY, a SSH client for Windows, requests the passphrase to the ssh
key in the console window used for the connection. This could allow
a malicious server to gain access to a user's passphrase by spoofing
The possibility of such spoofing attacks is known:
Other software affected:
Probably many console-based SSH tools have similar issues.
This was also discussed in the context of OpenSSH; I am familiar with
but that was probably not the first time either.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/