Primary

Context

MTPutty Sensitive Information Disclosure Vulnerability Allowing SSH Password Exposure

Vulnerability

A vulnerability in MTPutty version 1.0.1.21 allows local attackers to disclose sensitive information by accessing SSH connection passwords through the Windows PowerShell process listing. Exploitation involves running a PowerShell command that retrieves the full command line of MTPutty processes, revealing plaintext SSH credentials.

Impact

Successful exploitation of this vulnerability allows for unauthorized access to SSH passwords, which could lead to unauthorized access to systems or data via SSH.

Reproduction

To reproduce this vulnerability, open MTPutty and create a new SSH connection. Once connected, execute a PowerShell command to retrieve the command line of the MTPutty process. The output will include the SSH password in plaintext.

Added: Jan 15, 2026, 4:44 PM

Updated: Jan 15, 2026, 4:44 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

2.1

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

2.1

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

MTPutty Sensitive Information Disclosure Vulnerability Allowing SSH Password Exposure

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating