Home
|
FAQ
|
Feedback
|
Licence
|
Updates
|
Mirrors
|
Keys
|
Links
|
Team
Download:
Stable
·
Pre-release
·
Snapshot
|
Docs
|
Privacy
|
Changes
|
Wishlist
In 0.71, the fix for vuln-auth-prompt-spoofing added 'trust sigils' -- PuTTY icons at the start of locally generated lines -- to distinguish them from data sent by the server.
In both the SSH-1 and Rlogin protocols, these trust sigils were accidentally not turned off at the end of authentication, so that all data throughout the session was tagged with a trust sigil.
As well as removing the useful distinction between trusted and untrusted output, this also meant that 3 columns of the terminal were unusable, which would have caused formatting issues in many applications.
(The commonly used SSH-2 protocol is not affected, only the obsolete SSH-1 protocol that is rarely used. In PuTTY 0.68 and later, we no longer support automatic fallback to SSH-1 from SSH-2, so any saved session configured to the default of SSH-2 will not suffer from this issue.)