Private key theft and server hacking: a critical vulnerability was discovered in PuTTY

Father

Update the client version before it's too late.

The PuTTY developers warn of a critical vulnerability affecting versions 0.68 through 0.80. The flaw may allow an attacker to fully recover NIST-P521 private keys.

The vulnerability, CVE-2024-31497, is caused by a flaw in the generation of ECDSA cryptographic nonces, which makes it possible to recover private keys. Researchers Fabian Bäumer and Marcus Brinkmann of Ruhr University Bochum are credited with discovering the error.

The first 9 bits of each ECDSA nonce are zero, which makes it possible to fully recover the secret key from approximately 60 signatures using state-of-the-art methods.

An attacker who holds several dozen signed messages and the public key has enough data to recover the private key and forge signatures, which can lead to unauthorized access to servers and services that use this key.

The problem also affected other products integrated with vulnerable versions of PuTTY:
  • FileZilla (3.24.1 - 3.66.5);
  • WinSCP (5.9.5 - 6.3.2);
  • TortoiseGit (2.4.0.2 - 2.15.0);
  • TortoiseSVN (1.10.0 - 1.14.6).

After responsible disclosure, the issue was resolved in PuTTY 0.81, FileZilla 3.67.0, WinSCP 6.3.3 and TortoiseGit 2.15.0.1. The developers switched to the RFC 6979 technique for all DSA and ECDSA key types, abandoning the previous method.

Until an update is released, TortoiseSVN users are advised to use Plink from the latest PuTTY 0.81 release when accessing SVN repositories via SSH.

NIST-P521 ECDSA keys used in any of the vulnerable components should be considered compromised and immediately revoked by deleting them from `~/.ssh/authorized_keys` files and their equivalents on other SSH servers.
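
To support the revocation step above, here is an added example (not part of the original post or of any of the affected projects) that scans the text of an `authorized_keys` file for NIST P-521 entries. It assumes the standard OpenSSH line layout of optional options, key type, base64 blob and comment; `find_p521`, `blob_type`, `_blob` and the sample keys are constructed for illustration.

```python
import base64
import re
import struct

# P-521 key and certificate types; options may precede the type, so search.
ENTRY = re.compile(
    r"(?:^|\s)(ecdsa-sha2-nistp521(?:-cert-v01@openssh\.com)?)"
    r"\s+([A-Za-z0-9+/]+=*)(?=\s|$)")

def blob_type(b64):
    """Return the algorithm name stored at the start of a key blob, or None."""
    try:
        raw = base64.b64decode(b64, validate=True)
        (n,) = struct.unpack(">I", raw[:4])
        return raw[4:4 + n].decode("ascii")
    except (ValueError, struct.error):
        return None

def find_p521(text):
    """Return (line_number, key_type, comment) for every P-521 entry."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if line.startswith("#"):
            continue
        for m in ENTRY.finditer(line):
            # Only count it when the blob itself encodes the same key type.
            if blob_type(m.group(2)) == m.group(1):
                hits.append((no, m.group(1), line[m.end():].strip()))
                break
    return hits

def _blob(*fields):
    """Build a constructed, non-functional key blob for the sample."""
    raw = b"".join(struct.pack(">I", len(f)) + f for f in fields)
    return base64.b64encode(raw).decode()

# Constructed sample: placeholder blobs, not real keys.
SAMPLE = "\n".join([
    "# old ecdsa-sha2-nistp521 key removed",
    "ssh-ed25519 " + _blob(b"ssh-ed25519", bytes(32)) + " alice@laptop",
    'command="backup --all",no-pty ecdsa-sha2-nistp521 '
    + _blob(b"ecdsa-sha2-nistp521", b"nistp521", b"\x04" + bytes(132))
    + " putty-key-2023",
])

if __name__ == "__main__":
    for hit in find_p521(SAMPLE):
        print("revoke: line %d, %s, comment %r" % hit)
```

Each hit only shows that a P-521 key is authorized on that server; whether the key was ever used with an affected client still has to be established from the key's owner.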