Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "Putty Private Key Disclosure" module is designed to detect the exposure of Putty private key files. Putty is a popular SSH and Telnet client used for secure remote connections. This module focuses on identifying misconfigurations that could potentially lead to the disclosure of sensitive information.
This module has a medium severity level, indicating that it poses a moderate risk if left unaddressed. It is important to address any vulnerabilities or misconfigurations detected by this module to prevent unauthorized access to private key files.
This module was authored by DhiyaneshDk and geeknik.
If a Putty private key file is exposed, it can be accessed by unauthorized individuals. This can lead to potential security breaches, as the private key is used for authentication and encryption in SSH connections. Attackers who gain access to the private key can impersonate the legitimate user, decrypt encrypted data, and potentially gain unauthorized access to systems and sensitive information.
The "Putty Private Key Disclosure" module works by sending HTTP requests to specific paths where Putty private key files may be located. It then applies matching conditions to determine if the files are exposed.
For example, one of the HTTP requests sent by the module could be:
GET /my.ppk
The module applies two matching conditions:
- The response body must contain the words "PuTTY-User-Key-File" and "Encryption:" - The response status code must be 200 (indicating a successful request)If both conditions are met, the module identifies the presence of a Putty private key file and reports it as a vulnerability.
Reference:
Metadata:
verified: true
github-query: filename:putty.ppk