AbsoluteTelnet SSH2 Client contains a flaw that may lead to unauthorized password exposure. Plaintext passwords stored in memory can be recovered when a search of memory is performed, which may lead to a loss of confidentiality.
Upgrade to version 2.12 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
It has been reported that AbsoluteTelnet does not properly handle password information. Due to the improper handling of this information, a local user may be able to recover authentication passwords.
No exploit is required for this weakness.
The vendor has made a fixed beta version of the software available. Version 2.12 is available for download at http://www.celestialsoftware.net/telnet/beta_software.html. The final fixed version will be made available at http://www.celestialsoftware.net/telnet.