PuTTY SSH Client Found Vulnerable to Key Recovery Attack

PuTTY, a widely used SSH client, has been found vulnerable to a critical flaw that could lead to the recovery of NIST P-521 private keys. Discovered by researchers from Ruhr University Bochum, the flaw allows attackers to compromise the private key by exploiting biased ECDSA cryptographic nonces.

With just a few signed messages and the public key, attackers could forge signatures and potentially gain unauthorized access to servers authenticated with the compromised key.

Affected Systems

This vulnerability, assigned CVE-2024-31497, affects PuTTY versions 0.68 through 0.80, as well as several other software products like FileZilla, WinSCP, TortoiseGit, and TortoiseSVN. Responsible disclosure has led to patches being released for affected software versions, such as PuTTY 0.81 and FileZilla 3.67.0.

IoCs

-

Recommended Solution(s)

The fix involves switching to the RFC 6979 technique for all DSA and ECDSA key types to mitigate the risk of biased nonces. It is also recommended to revoke compromised ECDSA NIST P-521 keys from SSH servers.

Mitigations

It's crucial for users to update their software to the latest patched versions to protect against potential attacks exploiting this vulnerability. Additionally, revoking and removing compromised keys from SSH configurations is necessary to prevent unauthorized access to sensitive systems.
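To support the key review described above, the following Python sketch lists the `ecdsa-sha2-nistp521` entries in an `authorized_keys` file so each can be checked and, if it was used with an affected client, revoked. It is an added example, not part of the original advisory or of any vendor tooling; the function names are hypothetical and the sample entries are constructed placeholders, not real keys.

```python
import base64
import struct

P521_TYPE = "ecdsa-sha2-nistp521"

def blob_key_type(b64):
    """Return the key type named inside an SSH public key blob, or None."""
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    if len(raw) < 4:
        return None
    (n,) = struct.unpack(">I", raw[:4])  # SSH wire string: uint32 length + bytes
    if n > len(raw) - 4:
        return None
    return raw[4:4 + n].decode("ascii", "replace")

def find_p521_keys(text):
    """Return [(line_no, comment)] for P-521 ECDSA entries in authorized_keys text."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        for i, field in enumerate(fields[:-1]):
            # Require the blob to agree with the type field, so the string
            # appearing inside an options clause is not reported as a key.
            if field == P521_TYPE and blob_key_type(fields[i + 1]) == P521_TYPE:
                hits.append((no, " ".join(fields[i + 2:])))
                break
    return hits

def _fake_entry(key_type, comment):
    # Constructed placeholder: valid framing, dummy key material (not a real key).
    blob = struct.pack(">I", len(key_type)) + key_type.encode() + b"\x00" * 16
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}"

SAMPLE = "\n".join([  # constructed authorized_keys content
    "# constructed sample",
    _fake_entry("ssh-ed25519", "alice@laptop"),
    _fake_entry(P521_TYPE, "bob@putty"),
    'command="echo ecdsa-sha2-nistp521 x" ' + _fake_entry("ecdsa-sha2-nistp256", "ci@build"),
    'from="10.0.0.0/8" ' + _fake_entry(P521_TYPE, "carol@winscp"),
])

if __name__ == "__main__":
    for line_no, comment in find_p521_keys(SAMPLE):
        print(f"line {line_no}: {P521_TYPE} key ({comment}) - review for revocation")
```

A listed key is only a candidate: whether it was ever used with an affected client version has to be established separately before treating it as compromised.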

CVE / CWE

CVE-2024-31497

Related Website(s)

* Vulnerabilities with a CVSS 3.1 score between 7.0 and 8.9 are evaluated to be “high” whereas vulnerabilities with a CVSS 3.1 score between 9.0 and 10.0 are evaluated to be “critical”.