
PuTTY Secure Shell (SSH) and Telnet client CVE-2024-31497 vulnerability

Brandon Lee

Heads up! If you use PuTTY (who doesn't on Windows?)

  • Critical Vulnerability Alert: The PuTTY SSH and Telnet client maintainers are warning users about a critical vulnerability (CVE-2024-31497) in versions 0.68 through 0.80 that allows for the full recovery of NIST P-521 private keys.

  • Vulnerability Discovery: The vulnerability was discovered by Fabian Bäumer and Marcus Brinkmann of Ruhr University Bochum.

  • Security Risk: An attacker can recover the private ECDSA key by obtaining a few dozen signatures and the public key, enabling them to forge signatures and potentially access servers using the compromised key.

  • Source of Compromise: The vulnerability stems from biased ECDSA cryptographic nonces; specifically, the first 9 bits of each nonce are zero, allowing key recovery from about 60 signatures.

  • Method of Attack: Signatures for the attack can be collected through malicious servers or other sources such as signed git commits, but not through man-in-the-middle attacks as clients do not transmit their signature clearly.

  • Affected Products: Apart from PuTTY, the vulnerability also affects FileZilla (versions 3.24.1 to 3.66.5), WinSCP (versions 5.9.5 to 6.3.2), TortoiseGit (versions to 2.15.0), and TortoiseSVN (versions 1.10.0 to 1.14.6).

  • Patch and Updates: The issue has been fixed in newer releases—PuTTY 0.81, FileZilla 3.67.0, WinSCP 6.3.3, and TortoiseGit TortoiseSVN users should use Plink from the latest PuTTY 0.81 release for SSH access to SVN repositories until a patch is available.

  • Security Measures: The fix involves switching to RFC 6979 for deriving nonces for all DSA and ECDSA key types. Previously used deterministic methods were prone to bias in the case of P-521.

  • Recommendations for Users: All ECDSA NIST-P521 keys used with the vulnerable software should be considered compromised and revoked by removing them from authorized_keys files and similar setups in other SSH systems.


Posted : 16/04/2024 8:58 am
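
As an added example (not part of the original post and not PuTTY project code), the sketch below audits `authorized_keys` content for NIST P-521 ECDSA entries, the key type the post recommends revoking. The function names and the sample file are constructed for illustration; the script cannot tell which client a key was used with, so every hit still needs a manual check.

```python
import base64
import struct

# Key types that carry a NIST P-521 ECDSA public key (plain key and OpenSSH certificate).
P521_TYPES = {"ecdsa-sha2-nistp521", "ecdsa-sha2-nistp521-cert-v01@openssh.com"}

def blob_key_type(b64):
    """Return the key type named inside the base64 key blob, or None if malformed."""
    try:
        raw = base64.b64decode(b64, validate=True)
        (n,) = struct.unpack(">I", raw[:4])  # SSH string: 4-byte big-endian length + bytes
        return raw[4:4 + n].decode("ascii") if len(raw) >= 4 + n else None
    except (ValueError, struct.error):
        return None

def split_fields(line):
    """Split on whitespace outside double quotes (option values may contain spaces)."""
    fields, cur, quoted, prev = [], [], False, ""
    for ch in line.strip():
        if ch == '"' and prev != "\\":
            quoted = not quoted
        if ch.isspace() and not quoted:
            if cur:
                fields.append("".join(cur))
                cur = []
        else:
            cur.append(ch)
        prev = ch
    return fields + (["".join(cur)] if cur else [])

def find_p521_keys(text):
    """Return (line_number, key_type, comment) for each P-521 entry in the text."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        f = split_fields(line)
        for i in (0, 1):  # key type is field 0, or field 1 when an options field comes first
            if i + 1 < len(f) and f[i] in P521_TYPES and blob_key_type(f[i + 1]) == f[i]:
                hits.append((lineno, f[i], " ".join(f[i + 2:])))
                break
    return hits

def _fake_blob(key_type):
    # Constructed sample blob: real length-prefixed type string, dummy key bytes.
    t = key_type.encode()
    return base64.b64encode(struct.pack(">I", len(t)) + t + b"\x00" * 16).decode()

# Constructed sample authorized_keys content (not real keys).
SAMPLE = "\n".join([
    "# constructed sample",
    f"ssh-ed25519 {_fake_blob('ssh-ed25519')} alice@laptop",
    f"ecdsa-sha2-nistp521 {_fake_blob('ecdsa-sha2-nistp521')} bob@putty",
    f'command="echo hi there",no-pty ecdsa-sha2-nistp521 {_fake_blob("ecdsa-sha2-nistp521")} backup job',
])
```

Calling `find_p521_keys(open(path).read())` on each account's `authorized_keys` file gives the line numbers to review; removing an entry should go together with issuing a replacement key of a different type or a freshly generated one.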