"Antoine SANTO" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Hi,
>
> I come to report a little strange discolsure discovered by my
> co-worker Fx0day.
>
> When you save session informations under putty and you need proxy
> for a session,
> We can find in plain clear text the login and password proxy auth in
> the windows
> database register.
>
> Strange to see a good ssh client storing plain clear text « hot »
> informations !!
The HKCU key is protected by an ACL; it is only accessible to the
user, or to someone with admin rights. So it's not best practice,
agreed, but it isn't a major vulnerability.
cheers,
DaveK
--
Can't think of a witty .sigline today....
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
