Security researchers have unveiled a critical vulnerability in the widely used PuTTY SSH and Telnet client, along with a Proof-of-Concept (PoC) exploit to demonstrate the flaw. The vulnerability, identified as CVE-2024-31497, specifically impacts PuTTY versions 0.68 through 0.80 and enables attackers to recover private keys generated with the NIST P-521 elliptic curve.
The root cause of the vulnerability lies in PuTTY’s biased generation of ECDSA nonces when utilizing the P-521 curve. Upon investigation, researchers discovered that the first 9 bits of each nonce are consistently zero, paving the way for full private key retrieval from approximately 60 signatures through lattice cryptanalysis techniques.
To showcase the practicality of the attack, security researcher Hugo Bond shared a PoC exploit on GitHub that exploits the nonce bias to extract the private key from a series of signatures generated by an affected PuTTY version. Attackers could potentially gather the necessary signatures in various ways, such as setting up a malicious SSH server to intercept signatures from connecting PuTTY clients or extracting signatures from signed Git commits or other sources where PuTTY served as an SSH agent.
The impact of this vulnerability extends beyond the PuTTY client itself, affecting several other prominent tools that integrate vulnerable PuTTY versions, including FileZilla 3.24.1 – 3.66.5, WinSCP 5.9.5 – 6.3.2, TortoiseGit 2.4.0.2 – 2.15.0, and TortoiseSVN 1.10.0 – 1.14.6. PuTTY developers have swiftly responded by releasing version 0.81 to patch the flaw, and updated versions are also available for most of the impacted third-party tools.
Despite the availability of patched versions, the exploit remains a threat if an attacker possesses roughly 60 signatures generated with a vulnerable PuTTY version. Consequently, any NIST P-521 keys utilized with PuTTY or related tools should be deemed compromised and promptly revoked to mitigate potential risks.
Considering PuTTY’s widespread adoption, particularly among Windows users, the vulnerability presents a significant concern for a broad user base. As a precautionary measure, all users are strongly advised to upgrade to patched versions without delay and replace any potentially compromised keys to safeguard their systems.
The release of a PoC exploit further heightens the urgency of addressing this vulnerability, as threat actors may capitalize on the exploit in real-world scenarios. Therefore, proactive measures, such as downloading the patched versions and revoking compromised keys, are crucial to fortifying defenses against potential attacks.
In conclusion, the disclosure of the PuTTY client vulnerability underscores the importance of prompt mitigation efforts and proactive security measures to thwart potential exploitation by malicious entities. By staying vigilant and swiftly implementing the recommended safeguards, users can bolster their cybersecurity posture and reduce the risk of falling victim to exploits targeting this critical vulnerability.