putty: Observable Discrepancy leading to an information leak in the algorithm negotiation (CVE-2020-14002)
PuTTY 0.68 through 0.73 has an Observable Discrepancy in the algorithm negotiation that leads to an information leak. The leak allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client).
Fixed In Version:
putty 0.74
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2020-14002
Patch:
https://git.tartarus.org/?p=simon/putty.git;a=commit;h=08f1e2a5066ea95559945af339a60ca14560d764