14 DAY TRIAL // The latest beta version of the Telnet and SSH implementation, PuTTY 0.62 Beta, fixes a severe security flaw that allowed for passwords to be accidentally retained in memory.
Normally, when Putty has no further need for data such as the passwords typed during SSH login, obsolete session keys, or private halves of public keys, they should be wiped out of the application’s memory to prevent malware from accessing the data.
The variants 0.59, 0.60 and 0.61 failed to clean the memory of data inputted by the user during the keyboard-interactive authentication process, but the latest 0.62 version resolves the issue.
However, the risk cannot be eliminated completely, since a lot of sensitive data needs to be kept in the memory while the user is still logged in.
This means that malicious software may still be able to access the information, especially if public-key authentication is utilized and the malware is able to read the Pageant process where the decrypted private keys are stored.
PuTTY 0.62 Beta for Windows is available for download here. PuTTY 0.62 Beta for Linux is available for download
here
PuTTY 0.62 Beta for portable devices is available for download here