Vulnerabilities > Mobatek > Mobaxterm > Critical

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-06 | CVE-2022-38337 | Use of Hard-coded Credentials vulnerability in Mobatek Mobaxterm: When aborting a SFTP connection, MobaXterm before v22.1 sends a hardcoded password to the server. | network; low complexity; mobatek; CWE-798; critical; 9.1 |
| 2019-05-13 | CVE-2019-7690 | Credentials Management vulnerability in Mobatek Mobaxterm 11.1: In MobaTek MobaXterm Personal Edition v11.1 Build 3860, the SSH private key and its password can be retrieved from process memory for the lifetime of the process, even after the user disconnects from the remote SSH server. | network; low complexity; mobatek; CWE-255; critical; 9.8 |
| 2017-10-16 | CVE-2017-15376 | Code Injection vulnerability in Mobatek Mobaxterm 10.4: The TELNET service in Mobatek MobaXterm 10.4 does not require authentication, which allows remote attackers to execute arbitrary commands via TCP port 23. | network; low complexity; mobatek; CWE-94; critical; 9.8 |