A severe vulnerability (CVE-2024-31497) has been discovered in PuTTY, a widely used SSH and Telnet client. This flaw could allow attackers to steal users’ NIST P-521 private keys, potentially granting them unauthorized access to servers protected by those keys.

Vulnerability Details

The vulnerability lies in PuTTY’s generation of electronic signatures using Elliptic Curve Digital Signature Algorithm (ECDSA) with the NIST P-521 curve. According to researchers Fabian Bäumer and Marcus Brinkmann from Ruhr-Universität Bochum, PuTTY versions 0.68 through 0.80 (inclusive) produce ECDSA nonces (random numbers used once for signing) with a predictable bias. This bias makes it possible for an attacker to recover a private key by analyzing just around 60 signatures generated by the vulnerable PuTTY software.

Impact

The exploitation of CVE-2024-31497 could have serious consequences for users who rely on PuTTY for secure remote access. If an attacker gains access to a user’s private key, they could potentially:

• Impersonate the user: By possessing the stolen key, an attacker could impersonate the legitimate user and gain unauthorized access to servers or applications protected by that key.
• Intercept communications: The attacker could intercept and decrypt sensitive communications between the user and the server.
• Launch further attacks: The compromised server could be used as a launching pad for additional attacks on the user’s network or other systems.

Patch and Mitigation

The PuTTY developers have promptly released a patched version (0.81) that addresses the CVE-2024-31497 vulnerability. Users are strongly urged to upgrade to PuTTY 0.81 or later as soon as possible.

Here are some additional mitigation steps users can take:

• Avoid using P-521 keys with PuTTY versions 0.68 to 0.80.
• Rotate private keys that may have been compromised.
• Be cautious when using PuTTY to connect to untrusted servers.

Conclusion

The CVE-2024-31497 vulnerability highlights the importance of keeping software up to date, especially security-critical applications like PuTTY. By promptly patching vulnerabilities and following security best practices, users can help protect themselves from cyberattacks.

Additional Resources