Home |
Licence |
FAQ |
Docs |
Download |
Keys |
Links
Mirrors |
Updates |
Feedback |
Changes |
Wishlist |
Team
When PuTTY has sensitive data in memory and has no further need for it, it should wipe the data out of its memory, in case malware later gains access to the PuTTY process or the memory is swapped out to disk or written into a crash dump file. An obvious example of this is the password typed during SSH login; other examples include obsolete session keys, public-key passphrases, and the private halves of public keys.
PuTTY 0.59 to 0.61 inclusive had a bug in which they failed to wipe
from memory the replies typed by the user during
keyboard-interactive
authentication. Since most modern
SSH-2 servers use the keyboard-interactive
method for
password logins (rather than SSH-2's dedicated password
method), this meant that those versions of PuTTY would store your
login password in memory for as long as they were running.
PuTTY 0.62 fixes this bug. Keyboard-interactive responses, including passwords, are now correctly wiped from PuTTY's memory again.
However, it is still unavoidably very dangerous if malicious software is in a position to read the memory of your PuTTY processes: there is still a lot of sensitive data in there which cannot be wiped because it's still being used, e.g. session keys. If you're using public-key authentication and malware can read a Pageant process, that's even worse, because the decrypted private keys are stored in Pageant! This fix somewhat mitigates the risks, but no fix can eliminate them completely.
Audit trail for this vulnerability.