Critical PuTTY Client Vulnerability Lets Attackers Recover Private Keys

A severe vulnerability has been discovered in the PuTTY client and related components, allowing attackers to fully recover NIST P-521 private keys.

The PuTTY client generates heavily biased ECDSA nonces when signing with the NIST P-521 elliptic curve; the flaw is tracked as CVE-2024-31497.

PuTTY Client Vulnerability

The PuTTY client and all related components, including FileZilla, WinSCP, TortoiseGit, and TortoiseSVN, generate ECDSA nonces whose first (most significant) 9 bits are always zero when using the NIST P-521 elliptic curve.

This significant bias in the nonce generation allows attackers to recover the full private key after observing roughly 60 valid ECDSA signatures from the same key.

The attack works by leveraging state-of-the-art lattice-based techniques to recover the private key from the biased nonces.
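The bias comes from how the nonce is derived: a 512-bit hash output is reduced modulo the 521-bit P-521 group order, so the reduction never wraps and the top 9 bits of every nonce are zero. The Python below is an added illustration, not PuTTY's code: it models that flawed derivation beside an illustrative corrected one (my own construction for contrast, not PuTTY's actual fix), measures the leading-zero bias, and shows why roughly 60 signatures suffice; the private key and messages are constructed test values.

```python
import hashlib
import math

# NIST P-521 group order n (521 bits). An ECDSA nonce k must be uniform in [1, n-1].
P521_ORDER = int("01" + "F" * 65
                 + "A51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409", 16)

# Constructed private key for the demonstration (not a real key).
TEST_KEY = int.from_bytes(hashlib.sha512(b"constructed test key").digest(), "big") % P521_ORDER


def biased_nonce(priv_key: int, msg_hash: bytes) -> int:
    """Model of the flawed derivation: one 512-bit digest reduced mod the 521-bit order.
    The digest is always < 2^512 < n, so the reduction is a no-op and the nonce's
    top 9 bits are always zero."""
    material = priv_key.to_bytes(66, "big") + msg_hash
    return int.from_bytes(hashlib.sha512(material).digest(), "big") % P521_ORDER


def fixed_nonce(priv_key: int, msg_hash: bytes) -> int:
    """Illustrative corrected derivation (assumed for this example, not PuTTY's real fix):
    draw at least 64 bits more than the order before reducing, so the result is
    statistically uniform modulo n."""
    need = (P521_ORDER.bit_length() + 64 + 7) // 8
    stream, counter = b"", 0
    while len(stream) < need:
        block = priv_key.to_bytes(66, "big") + msg_hash + counter.to_bytes(4, "big")
        stream += hashlib.sha512(block).digest()
        counter += 1
    return int.from_bytes(stream[:need], "big") % P521_ORDER


def leading_zero_bits(nonce: int) -> int:
    """How many of the 521 nonce bits are known-zero from the top."""
    return P521_ORDER.bit_length() - nonce.bit_length()


def min_leading_zero_bits(derive, priv_key: int, count: int = 200) -> int:
    """Smallest leading-zero count over `count` nonces for constructed messages.
    A sound derivation reaches 0 almost immediately; the flawed one never drops below 9."""
    return min(leading_zero_bits(derive(priv_key, hashlib.sha512(i.to_bytes(4, "big")).digest()))
               for i in range(count))


def signatures_needed(bits_leaked_per_sig: int, key_bits: int = 521) -> int:
    """Rough lattice-attack budget: each signature leaks its nonce's known-zero bits,
    and the attacker needs about key_bits of leaked information in total."""
    return math.ceil(key_bits / bits_leaked_per_sig)
```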

An attacker can harvest the signatures either by operating a malicious SSH server that the victim authenticates to (the client sends an ECDSA signature to the server as part of public-key authentication, so the server sees every signature directly) or from any other source where the key's signatures are exposed, such as signed git commits.

“All NIST P-521 client keys used with PuTTY must be considered compromised, given that the attack can be carried out even after the root cause has been fixed in the source code (assuming that ~60 pre-patch signatures are available to an adversary),” the advisory states.

Impact and Affected Products

The nonce bias vulnerability allows for full secret key recovery of NIST P-521 keys after an attacker has observed approximately 60 valid ECDSA signatures generated by any PuTTY component under the same key.

This means that the attacker can forge signatures over arbitrary data under these compromised keys, for example on git commits.

The following PuTTY-related products are affected by this vulnerability:

  • FileZilla 3.24.1 – 3.66.5
  • WinSCP 5.9.5 – 6.3.2
  • TortoiseGit 2.4.0.2 – 2.15.0
  • TortoiseSVN 1.10.0 – 1.14.6

Mitigations

The vulnerability has been fixed in the latest versions of the affected products:

  • PuTTY 0.81
  • FileZilla 3.67.0
  • WinSCP 6.3.3
  • TortoiseGit 2.15.1
  • TortoiseSVN 1.14.7

Users are strongly advised to update to these patched versions as soon as possible to mitigate the risk of private key compromise.

Guru Baran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.