In association with heise online

12 December 2011, 11:19

Security problem in PuTTY SSH client fixed

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

PuTTY screenshot
Zoom Version 0.62 of PuTTY stops accidentally remembering passwords
The open source SSH client for Windows, PuTTY, has been updated to version 0.62. Developer Simon Tatham announced the bugfix release which includes a fix for a security issue where passwords were retained.

In previous versions of PuTTY, 0.59, 0.60 and 0.61, the password used to log on to an SSH2 server was retained in memory. The password was then retrievable by other programs that could read the memory, or could be found in swap files and crash dumps. The update also fixes non-security-related errors including correcting the rendering of underlines and VT100 line-drawing characters, removing a spurious GSSAPI authentication message, restoring saved sessions, and closing a leak of file mapping handles when authentication failed.

Details of the changes are in the release notes. Pre-built binaries and source code for the MIT-licensed PuTTY are available to download.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit