[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] RE : Putty Proxy login/password discolsure....(Answer from PUTTY Staff)

To: Antoine SANTO <Antoine.SANTO@xxxxxxx>
Subject: Re: [Full-disclosure] RE : Putty Proxy login/password discolsure....(Answer from PUTTY Staff)
From: Matthew Flaschen <matthew.flaschen@xxxxxxxxxx>
Date: Wed, 25 Oct 2006 11:03:48 -0400

Why can't you generate the encryption key from a passphrase?

Matthew Flaschen

Antoine SANTO wrote:
>> Hi,
>>
>> I come to report a little strange discolsure discovered by my
>> co-worker Fx0day.
>>
>> When you save session informations under putty and you need proxy
>> for a session,
>> We can find in plain clear text the login and password proxy auth in
>> the windows
>> database register.
>>
>> Strange to see a good ssh client storing plain clear text < hot >
>> informations !!
> 
> Unfortunately, there's no way to encrypt it securely, because there's
> nowhere safe to store an encryption key.
> 
> Cheers,
> Simon

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] RE : Putty Proxy login/password discolsure....(Answer from PUTTY Staff)
  - From: Simon Tatham

References:
- [Full-disclosure] RE : Putty Proxy login/password discolsure....(Answer from PUTTY Staff)
  - From: Antoine SANTO

Prev by Date: [Full-disclosure] RE : Putty Proxy login/password discolsure....(Answer from PUTTY Staff)
Next by Date: Re: [Full-disclosure] Putty Proxy login/password discolsure....
Previous by thread: [Full-disclosure] RE : Putty Proxy login/password discolsure....(Answer from PUTTY Staff)
Next by thread: Re: [Full-disclosure] RE : Putty Proxy login/password discolsure....(Answer from PUTTY Staff)
Index(es):
- Date
- Thread