HomeCyber BalkansPuTTY Private Key Recovery Vulnerability

PuTTY Private Key Recovery Vulnerability

Published on

spot_img

Security researchers have unveiled a critical vulnerability in the widely used PuTTY SSH and Telnet client, along with a Proof-of-Concept (PoC) exploit to demonstrate the flaw. The vulnerability, identified as CVE-2024-31497, specifically impacts PuTTY versions 0.68 through 0.80 and enables attackers to recover private keys generated with the NIST P-521 elliptic curve.

The root cause of the vulnerability lies in PuTTY’s biased generation of ECDSA nonces when utilizing the P-521 curve. Upon investigation, researchers discovered that the first 9 bits of each nonce are consistently zero, paving the way for full private key retrieval from approximately 60 signatures through lattice cryptanalysis techniques.

To showcase the practicality of the attack, security researcher Hugo Bond shared a PoC exploit on GitHub that exploits the nonce bias to extract the private key from a series of signatures generated by an affected PuTTY version. Attackers could potentially gather the necessary signatures in various ways, such as setting up a malicious SSH server to intercept signatures from connecting PuTTY clients or extracting signatures from signed Git commits or other sources where PuTTY served as an SSH agent.

The impact of this vulnerability extends beyond the PuTTY client itself, affecting several other prominent tools that integrate vulnerable PuTTY versions, including FileZilla 3.24.1 – 3.66.5, WinSCP 5.9.5 – 6.3.2, TortoiseGit 2.4.0.2 – 2.15.0, and TortoiseSVN 1.10.0 – 1.14.6. PuTTY developers have swiftly responded by releasing version 0.81 to patch the flaw, and updated versions are also available for most of the impacted third-party tools.

Despite the availability of patched versions, the exploit remains a threat if an attacker possesses roughly 60 signatures generated with a vulnerable PuTTY version. Consequently, any NIST P-521 keys utilized with PuTTY or related tools should be deemed compromised and promptly revoked to mitigate potential risks.

Considering PuTTY’s widespread adoption, particularly among Windows users, the vulnerability presents a significant concern for a broad user base. As a precautionary measure, all users are strongly advised to upgrade to patched versions without delay and replace any potentially compromised keys to safeguard their systems.

The release of a PoC exploit further heightens the urgency of addressing this vulnerability, as threat actors may capitalize on the exploit in real-world scenarios. Therefore, proactive measures, such as downloading the patched versions and revoking compromised keys, are crucial to fortifying defenses against potential attacks.

In conclusion, the disclosure of the PuTTY client vulnerability underscores the importance of prompt mitigation efforts and proactive security measures to thwart potential exploitation by malicious entities. By staying vigilant and swiftly implementing the recommended safeguards, users can bolster their cybersecurity posture and reduce the risk of falling victim to exploits targeting this critical vulnerability.

Source link

Latest articles

India and Estonia Form Cyber Security Partnership to Address Risks Posed by Chinese Hackers

India and Estonia, two countries with different strengths in the field of cybersecurity, are...

93% of vulnerabilities remain unanalyzed by NVD since February

The recent slowdown at the National Vulnerability Database has caused a backlog of 93%...

CyberArk Embraces Machine Identity with Venafi Deal

The recent trend in cyber attacks has shifted to targeting machine identities in addition...

ShrinkLocker: Turning BitLocker into ransomware – Source: securelist.com

In a recent incident response engagement, a clever technique involving the misuse of the...

More like this

India and Estonia Form Cyber Security Partnership to Address Risks Posed by Chinese Hackers

India and Estonia, two countries with different strengths in the field of cybersecurity, are...

93% of vulnerabilities remain unanalyzed by NVD since February

The recent slowdown at the National Vulnerability Database has caused a backlog of 93%...

CyberArk Embraces Machine Identity with Venafi Deal

The recent trend in cyber attacks has shifted to targeting machine identities in addition...
en_USEnglish