Vulnerabilities > Mobatek > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-06 | CVE-2022-38337 | Use of Hard-coded Credentials vulnerability in Mobatek Mobaxterm When aborting a SFTP connection, MobaXterm before v22.1 sends a hardcoded password to the server. | 9.1 |
| 2019-05-13 | CVE-2019-7690 | Credentials Management vulnerability in Mobatek Mobaxterm 11.1 In MobaTek MobaXterm Personal Edition v11.1 Build 3860, the SSH private key and its password can be retrieved from process memory for the lifetime of the process, even after the user disconnects from the remote SSH server. | 9.8 |
| 2017-10-16 | CVE-2017-15376 | Code Injection vulnerability in Mobatek Mobaxterm 10.4 The TELNET service in Mobatek MobaXterm 10.4 does not require authentication, which allows remote attackers to execute arbitrary commands via TCP port 23. | 9.8 |