#VU88542 Cryptographic issues in PuTTY


Published: 2024-04-19 | Updated: 2024-05-13

Vulnerability identifier: #VU88542

Vulnerability risk: Medium

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2024-31497

CWE-ID: CWE-310

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
PuTTY
Client/Desktop applications / Software for system administration

Vendor: Simon Tatham

Description

The vulnerability allows a remote attacker to recover NIST P-521 private keys.

The vulnerability exists due to the PuTTY client and all related components generate heavily biased ECDSA nonces in the case of NIST P-521. A remote attacker can recover the NIST P-521 private key using roughly 60 valid ECDSA signatures generated by any PuTTY component under the same key.

Note, if the key has been used to sign arbitrary data (e.g., git commits by forwarding Pageant to a development host), the publicly available signatures (e.g., on GitHub) can be used as well.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

PuTTY: 0.68 - 0.80

External links
http://seclists.org/oss-sec/2024/q2/122

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.


Latest bulletins with this vulnerability


Fedora EPEL 8 update for putty
Fedora EPEL 9 update for putty
Fedora 38 update for putty
Fedora 39 update for putty
Fedora 40 update for putty
Fedora 38 update for filezilla, libfilezilla
Fedora 39 update for filezilla, libfilezilla
Fedora 40 update for filezilla, libfilezilla
WinSCP update for PuTTY
FileZilla update for PuTTY