CVE-2019-7690

CRITICAL

MobaTek MobaXterm Personal Edition v11.1 Build 3860 - Info Disclosure

Title source: llm
STIX 2.1

Description

In MobaTek MobaXterm Personal Edition v11.1 Build 3860, the SSH private key and its password can be retrieved from process memory for the lifetime of the process, even after the user disconnects from the remote SSH server. This affects Passwordless Authentication that has a Password Protected SSH Private Key.

References (1)

Core 1

Scores

CVSS v3 9.8
EPSS 0.0321
EPSS Percentile 86.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-255
Status published
Products (1)
mobatek/mobaxterm 11.1 3860
Published May 13, 2019
Tracked Since Feb 18, 2026