PuTTY Session Manager misidentified as PuTTY

At least 3 plugins find PuTTY Session Manager version 0.50.189.0 and then trigger vulnerabilities that are not related to PuTTY Session Manager, but to PuTTY instead. Three of these are listed below, but there are likely to be more.

2013/gb_putty_mult_int_overflow_vuln_win.nasl
2019/putty/gb_putty_scp_mult_spoofing_vuln_win.nasl
pre2008/putty_logon_credential_leak.nasl

Thanks for reporting. We will take a look at the issue and get back to you, once we solved the issue or if any questions came up during our analysis.

2 Likes