[Full-disclosure] Putty Proxy login/password discolsure....

[Dave "No, not that one" Korn]

"Antoine SANTO" <Antoine.SANTO at maaf.fr> wrote in message
news:021001c6f822$94e12f40$595ce60a at maafprod.ecorail.com...

> Hi,
>
> I come to report a little strange discolsure discovered by my
> co-worker Fx0day.
>
> When you save session informations under putty and you need proxy
> for a session,
> We can find in plain clear text the login and password proxy auth in
> the windows
> database register.
>
> Strange to see a good ssh client storing plain clear text « hot »
> informations !!

   The HKCU key is protected by an ACL; it is only accessible to the
 user, or to someone with admin rights.  So it's not best practice,
 agreed, but it isn't a major vulnerability.


     cheers,
       DaveK
-- 
Can't think of a witty .sigline today....