Critical Vulnerability Found in PuTTY: Private Key Theft and Server Hacking

The developers of PuTTY have issued a warning about a critical vulnerability affecting versions 0.68 to 0.80. The vulnerability could allow an attacker to fully recover NIST P-521 private keys. Tracked as CVE-2024-31497, it stems from flaws in the generation of ECDSA cryptographic nonces (single-use numbers). Fabian Bäumer and Marcus Brinkmann, researchers at Ruhr University Bochum, discovered the issue.

The vulnerability arises because the first 9 bits of each ECDSA nonce are zero, which allows complete recovery of the secret key from around 60 signatures using modern methods. An attacker who has several signed messages and the public key can recover the private key and forge signatures, potentially gaining unauthorized access to servers and services that use the compromised key.

Aside from PuTTY, other products that bundle the vulnerable versions are also affected. These include FileZilla (3.24.1 – 3.66.5), WinSCP (5.9.5 – 6.3.2), TortoiseGit (2.4.0.2 – 2.15.0), and TortoiseSVN (1.10.0 – 1.14.6).

  • FileZilla 3.67.0, WinSCP 6.3.3, and TortoiseGit 2.15.0.1 fix the issue, following responsible disclosure of the vulnerability. These versions use the technique described in RFC 6979 to generate DSA and ECDSA nonces, replacing the previous method.
  • TortoiseSVN users are advised to use Plink from the latest PuTTY release (0.81) when accessing SVN repositories over SSH until an update is released.
  • Furthermore, any ECDSA NIST P-521 keys used with the vulnerable components should be considered compromised and immediately revoked by deleting them from relevant files and servers.
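
To support the revocation step above, the following added example (not code from the PuTTY advisory or any of the listed projects) scans `authorized_keys` content for `ecdsa-sha2-nistp521` entries by decoding each key blob rather than trusting the text label. The sample keys are constructed placeholders, and the script only lists candidates: it cannot tell which keys were actually used with an affected client.

```python
import base64
import re
import struct

TARGET = "ecdsa-sha2-nistp521"
KEY_RE = re.compile(r"(?:^|\s)((?:ssh|ecdsa|sk)-[\w@.\-]+)\s+([A-Za-z0-9+/]+=*)")

def blob_algorithm(b64):
    """Return the algorithm name stored inside an SSH public-key blob, or None."""
    try:
        raw = base64.b64decode(b64, validate=True)
        (n,) = struct.unpack(">I", raw[:4])
        name = raw[4:4 + n]
        return name.decode("ascii") if len(name) == n else None
    except (ValueError, struct.error):
        return None

def find_p521_keys(text):
    """Return (line_number, comment) for every entry whose blob is a P-521 ECDSA key."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        for m in KEY_RE.finditer(line):
            # Trust the decoded blob, not the text label in front of it.
            if blob_algorithm(m.group(2)) == TARGET:
                hits.append((lineno, line[m.end():].strip()))
                break
    return hits

def make_blob(alg, *fields):
    """Build a placeholder key blob in SSH wire format (constructed, not a real key)."""
    parts = [alg.encode()] + list(fields)
    return base64.b64encode(b"".join(struct.pack(">I", len(p)) + p for p in parts)).decode()

P521 = make_blob(TARGET, b"nistp521", bytes([4]) + bytes(132))
P256 = make_blob("ecdsa-sha2-nistp256", b"nistp256", bytes([4]) + bytes(64))
ED = make_blob("ssh-ed25519", bytes(32))
SAMPLE = "\n".join([
    "# constructed authorized_keys sample",
    f"ssh-ed25519 {ED} alice@laptop",
    f'from="10.0.0.0/8",command="/usr/bin/svnserve -t" {TARGET} {P521} build@winbox',
    f"ecdsa-sha2-nistp256 {P256} bob@desk",
])

if __name__ == "__main__":
    for lineno, comment in find_p521_keys(SAMPLE):
        print(f"line {lineno}: {TARGET} key ({comment}) - candidate for revocation")
```

To audit a real file, pass its contents to `find_p521_keys` in place of `SAMPLE`.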