CVE-2019-7690
CRITICALMobaTek MobaXterm Personal Edition v11.1 Build 3860 - Info Disclosure
Title source: llmDescription
In MobaTek MobaXterm Personal Edition v11.1 Build 3860, the SSH private key and its password can be retrieved from process memory for the lifetime of the process, even after the user disconnects from the remote SSH server. This affects Passwordless Authentication that has a Password Protected SSH Private Key.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/yogeshshe1ke/CVE/blob/master/2019-7690/mobaxterm_exploit.py
Scores
CVSS v3
9.8
EPSS
0.0321
EPSS Percentile
86.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-255
Status
published
Products (1)
mobatek/mobaxterm
11.1 3860
Published
May 13, 2019
Tracked Since
Feb 18, 2026