The host is installed with PuTTY and is prone to information disclosure vulnerability.

Successful exploitation will allow local attacker to read the passwords within the memory in clear text until the program stops running.

Upgrade to version 0.62 or later, For updates refer to http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

Flaw is due to improper handling of session passwords that were stored in the memory during the keyboard-interactive authentication

PuTTY version 0.59 before 0.62 on Windows

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

• http://cxsecurity.com/cveshow/CVE-2011-4607
• http://seclists.org/oss-sec/2011/q4/500
• http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/password-not-wiped.html

---

Updated on 2017-03-28