Cryptographic issues in PuTTY - CVE-2024-31497
Published: April 15, 2024 / Updated: May 13, 2024
Vulnerability identifier: #VU88542
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: CVE-2024-31497
CWE-ID: CWE-310
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vendor: Simon Tatham
Affected software:
PuTTY
PuTTY
Detailed vulnerability description
The vulnerability allows a remote attacker to recover NIST P-521 private keys.
The vulnerability exists due to the PuTTY client and all related components generate heavily biased ECDSA nonces in the case of NIST P-521. A remote attacker can recover the NIST P-521 private key using roughly 60 valid ECDSA signatures generated by any PuTTY component under the same key.
Note, if the key has been used to sign arbitrary data (e.g., git commits by forwarding Pageant to a development host), the publicly available signatures (e.g., on GitHub) can be used as well.
How to mitigate CVE-2024-31497
Install updates from vendor's website.