PuTTY Vulnerability (CVE-2024-31497)

A security vulnerability, identified as CVE-2024-31497, has been discovered in PuTTY, the widely used SSH and Telnet client. This flaw arises from a significant bias in the generation of ECDSA nonces when using the NIST P-521 elliptic curve. Specifically, the first 9 bits of each nonce are set to zero, making the nonces predictable and vulnerable to attack. As a result, an attacker could potentially recover a private key after observing just 60 valid ECDSA signatures generated by the affected PuTTY versions.

The vulnerability affects PuTTY versions 0.68 to 0.80, as well as several other applications that bundle these versions, including FileZilla, WinSCP, TortoiseGit, and TortoiseSVN. This also affects FileZilla before 3.67.0, WinSCP before 6.3.3, TortoiseGit before 2.15.0.1, and TortoiseSVN through 1.14.6.

  • FileZilla (3.24.1 โ€“ 3.66.5)
  • WinSCP (5.9.5 โ€“ 6.3.2)
  • TortoiseGit (2.4.0.2 โ€“ 2.15.0)
  • TortoiseSVN (1.10.0 โ€“ 1.14.6)

Exploiting this vulnerability requires significant resources, but once successful, an attacker could gain unauthorized access to SSH servers, compromising sensitive data and systems.

The issue has been addressed in PuTTY version 0.81, which implements a more secure method of nonce generation. Users of affected versions are strongly advised to update their software immediately and to consider any NIST P-521 keys used with these versions as compromised, necessitating their replacement.

(see CVE-2024-31497 for details)