### [CVE-2021-36367](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36367)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=-%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brightgreen)

### Description

PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt (that the attacker can use to capture credential data, and use that data for purposes that are undesired by the client user).

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/MrE-Fog/ssh-mitm-2
- https://github.com/MrE-Fog/ssh-mitm-2e
- https://github.com/Rohan-flutterint/ssh-mitm
- https://github.com/manfred-kaiser/manfred-kaiser
- https://github.com/orgTestCodacy11KRepos110MB/repo-9277-ssh-mitm
- https://github.com/retr0-13/ssh-mitm-server
- https://github.com/rohan-flutterint/ssh-mitm
- https://github.com/rohankumardubey/ssh-mitm
- https://github.com/ssh-mitm/ssh-mitm