CVE-2003-0047 - Vulnerability Details - OpenCVE

SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX 2.1.2 and 2.0.4, and (3) Entunnel 1.0.2 and earlier, do not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00081.

Key SSVC decision points have not yet been added.

Vendors	Products
Van Dyke Technologies	Entunnel Securecrt Securefx

Configuration 1 [-]

OR	cpe:2.3:a:van_dyke_technologies:entunnel::::::::
	cpe:2.3:a:van_dyke_technologies:securecrt:3.4.7:::::::*
	cpe:2.3:a:van_dyke_technologies:securecrt:4.0.2:::::::*
	cpe:2.3:a:van_dyke_technologies:securefx:2.0.4:::::::*
	cpe:2.3:a:van_dyke_technologies:securefx:2.1.2:::::::*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2003-0043	SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX 2.1.2 and 2.0.4, and (3) Entunnel 1.0.2 and earlier, do not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://marc.info/?l=bugtraq&m=104386492422014&w=2
http://www.idefense.com/advisory/01.28.03.txt
http://www.securityfocus.com/bid/6726
http://www.securityfocus.com/bid/6727
http://www.securityfocus.com/bid/6728
http://www.securitytracker.com/id?1006010
http://www.securitytracker.com/id?1006011
http://www.securitytracker.com/id?1006012

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2003-02-01T05:00:00

Updated: 2024-08-08T01:43:35.246Z

Reserved: 2003-01-28T00:00:00

Link: CVE-2003-0047

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2003-02-19T05:00:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2003-0047

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2003-01-29T00:00:00", "descriptions": [{"lang": "en", "value": "SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX 2.1.2 and 2.0.4, and (3) Entunnel 1.0.2 and earlier, do not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20030129 iDEFENSE Security Advisory 01.28.03: SSH2 Clients Insecurely Store Passwords", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=104386492422014&w=2"}, {"name": "6727", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/6727"}, {"name": "6728", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/6728"}, {"name": "1006011", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1006011"}, {"name": "1006010", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1006010"}, {"name": "1006012", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1006012"}, {"tags": ["x_refsource_MISC"], "url": "http://www.idefense.com/advisory/01.28.03.txt"}, {"name": "6726", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/6726"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0047", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX 2.1.2 and 2.0.4, and (3) Entunnel 1.0.2 and earlier, do not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20030129 iDEFENSE Security Advisory 01.28.03: SSH2 Clients Insecurely Store Passwords", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=104386492422014&w=2"}, {"name": "6727", "refsource": "BID", "url": "http://www.securityfocus.com/bid/6727"}, {"name": "6728", "refsource": "BID", "url": "http://www.securityfocus.com/bid/6728"}, {"name": "1006011", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1006011"}, {"name": "1006010", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1006010"}, {"name": "1006012", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1006012"}, {"name": "http://www.idefense.com/advisory/01.28.03.txt", "refsource": "MISC", "url": "http://www.idefense.com/advisory/01.28.03.txt"}, {"name": "6726", "refsource": "BID", "url": "http://www.securityfocus.com/bid/6726"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T01:43:35.246Z"}, "title": "CVE Program Container", "references": [{"name": "20030129 iDEFENSE Security Advisory 01.28.03: SSH2 Clients Insecurely Store Passwords", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=104386492422014&w=2"}, {"name": "6727", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/6727"}, {"name": "6728", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/6728"}, {"name": "1006011", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1006011"}, {"name": "1006010", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1006010"}, {"name": "1006012", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1006012"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.idefense.com/advisory/01.28.03.txt"}, {"name": "6726", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/6726"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0047", "datePublished": "2003-02-01T05:00:00", "dateReserved": "2003-01-28T00:00:00", "dateUpdated": "2024-08-08T01:43:35.246Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:van_dyke_technologies:entunnel:*:*:*:*:*:*:*:*", "matchCriteriaId": "503444E8-431B-48A9-BF7E-A8DD3FF47E0A", "versionEndIncluding": "1.0.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:van_dyke_technologies:securecrt:3.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "9F4B4CAB-77BB-49F4-B72D-C077DB8803B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:van_dyke_technologies:securecrt:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "FC7CC992-1650-40C4-9465-A4B3DB6689C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:van_dyke_technologies:securefx:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "BD1D6B50-6F7E-4750-BC24-22F823E34454", "vulnerable": true}, {"criteria": "cpe:2.3:a:van_dyke_technologies:securefx:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0858A846-9044-4360-A214-A4F7785532CF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX 2.1.2 and 2.0.4, and (3) Entunnel 1.0.2 and earlier, do not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials."}, {"lang": "es", "value": "Los clientes SSH2 de VanDyke SecureCRT 4.0.2 y 3.4.5, SecureFX 2.1.2 y 2.0.4, y Entunnel 1.02 y anteriores, no borran los credenciales de inicio de sesi\u00f3n de memoria, incluyendo contrase\u00f1as en texto claro, lo que podr\u00eda permitir a atacantes con acceso a memoria robar los credenciales SSH."}], "id": "CVE-2003-0047", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2003-02-19T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=104386492422014&w=2"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.idefense.com/advisory/01.28.03.txt"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/6726"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/6727"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/6728"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1006010"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1006011"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1006012"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=104386492422014&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.idefense.com/advisory/01.28.03.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/6726"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/6727"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/6728"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1006010"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1006011"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1006012"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}