Sunday, August 14, 2022

new version 2.23.1 released

 Changelog

  • SECURITY FIX: Version 2.23.0 used temporary files for PuTTY's new command line option "-pwfile". In some cases these temporary files were not deleted, which means files containing the password might still be inside your temporary folder. So be sure to delete your temporary files folder (probably "C:\Users\<USER>\AppData\Local\Temp") if you use passwords to authenticate your SSH sessions. Version 2.23.1 uses shared memory instead of temporary files. All password files are deleted after PuTTY/Plink has read them. Additionally, the password is only written at the moment PuTTY reads the password file. If you don't use passwords for SSH authentication, you are not affected by this issue.
  • Bug Fix: WinSSHTerm not exiting properly in some cases when the features "Script Runner" or "Check Access" were used
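
The failure mode and the fix described in the SECURITY FIX entry, as an added example that is not WinSSHTerm's or PuTTY's code: a temp-file handoff that leaves the password on disk when the reader fails, next to a one-shot pipe that is written only when a reader opens it and is removed afterwards. Assumptions: a POSIX FIFO stands in for the in-memory channel, a failing reader is used as the trigger because the page does not say why cleanup was skipped, and all function names are hypothetical.

```python
# Illustration only: hypothetical names; a POSIX FIFO stands in for the in-memory channel.
import os
import tempfile
import threading

def leaky_tempfile_handoff(secret, consumer, tmpdir):
    """Temp-file handoff: the secret sits on disk until the unlink runs."""
    fd, path = tempfile.mkstemp(dir=tmpdir)
    with os.fdopen(fd, "w") as f:
        f.write(secret)
    result = consumer(path)  # assumed failure path: if this raises, no unlink
    os.unlink(path)
    return result


def one_shot_pipe_handoff(secret, consumer, tmpdir):
    """Pipe handoff: the secret is never stored in a regular file."""
    path = os.path.join(tempfile.mkdtemp(dir=tmpdir), "pw")
    os.mkfifo(path, 0o600)
    def writer():
        try:
            with open(path, "w") as f:  # blocks until a reader opens the pipe
                f.write(secret)
        except OSError:
            pass  # reader closed before the write completed
    t = threading.Thread(target=writer, daemon=True)
    t.start()
    try:
        return consumer(path)
    finally:
        # Unblock a writer still waiting for a reader, then drop unread data.
        drain = os.open(path, os.O_RDONLY | os.O_NONBLOCK)
        t.join(timeout=5)
        os.close(drain)
        os.unlink(path)
        os.rmdir(os.path.dirname(path))


def leftover_secrets(tmpdir, secret):
    """Return regular files under tmpdir that still contain the secret."""
    hits = []
    for root, _dirs, files in os.walk(tmpdir):
        for name in files:
            p = os.path.join(root, name)
            if os.path.isfile(p):
                with open(p, errors="ignore") as f:
                    if secret in f.read():
                        hits.append(p)
    return hits
```
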

2 comments:

  1. Amazing work as always. I was curious if this new plink -pwfile function worked with token auth? I'm getting an error when trying to use plink now with my jump server, whereas the previous version (months ago) was working.

    =~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2022.08.22 11:20:14 =~=~=~=~=~=~=~=~=~=~=~=
    Event Log: Leaving host lookup to proxy of "10.247.XXX.XX" (for SSH connection)
    Event Log: Starting local proxy command: plink -P 22 -l myaccountname server.test.com -nc 10.247.XXX.XX:22 -pwfile \"\\\\.\\PIPE\\ffb17154-5c3b-4c5a-94d6-9f9a53abb380\"
    Event Log: We claim version: SSH-2.0-PuTTY_Release_0.77
    Event Log: Connected to 10.247.XXX.XX
    Event Log: proxy: plink: unable to read a password from file '\\.\PIPE\ffb17154-5c3b-4c5a-94d6-9f9a53abb380'
    Event Log: Remote side unexpectedly closed network connection

    1. Thanks, this should be fixed in version 2.23.2
