Security researchers Fabian Bäumer and Marcus Brinkmann from Ruhr University Bochum have identified a severe security flaw (CVE-2024-31497) in the popular SSH client PuTTY, affecting versions 0.68 to 0.80. This vulnerability extends to various software like FileZilla, WinSCP, TortoiseGit, and TortoiseSVN, compromising private keys used in the ECDSA algorithm with the NIST P-521 curve.
Vulnerability Details
The CVE-2024-31497 vulnerability stems from PuTTY’s flawed generation of random values (nonces) within the ECDSA signature process. In configurations with NIST P-251, the randomness is significantly biased, allowing attackers to reconstruct the private key with just around 60 compromised signatures.
Who’s Vulnerable
Users of PuTTY and related products relying on ECDSA NIST P-521 keys for SSH authentication are at risk. Attackers can acquire necessary signatures by briefly compromising SSH servers or from public sources where the key has been used, like signed Git commits.
Affected Tools
This vulnerability extends beyond PuTTY to impact several other tools, including FileZilla (Versions 3.24.1 – 3.66.5), WinSCP (Versions 5.9.5 – 6.3.2), TortoiseGit (Versions 2.4.0.2 – 2.15.0), and TortoiseSVN (Versions 1.10.0 – 1.14.6).
Consequences of Exploitation
Compromised private keys pose significant risks, allowing attackers to impersonate users and gain unauthorized access to servers. Even after patching, previously exposed keys remain permanently compromised, necessitating immediate action.
Recommended Actions
1- Identify Vulnerable Keys: Verify if you use ECDSA NIST P-521 keys, identifiable in PuTTYgen by fingerprints starting with “ecdsa-sha2-nistp521”.
2- Revoke Compromised Keys: Remove compromised public keys from authorized_keys files on servers and online services like GitHub to prevent unauthorized access.
3- Generate New Keys: Create fresh key pairs, preferably using Ed25519, to replace compromised ones and ensure secure authentication.
4- Update Software: Immediately update PuTTY to version 0.81 or later, along with FileZilla (version 3.67.0), WinSCP (version 6.3.3), TortoiseGit (version 2.15.0.1), and TortoiseSVN. For users unable to update TortoiseSVN, switch to using the updated PuTTY Plink for SSH connections.
Additional Information
The flaw does not expose signatures through passive network snooping; attackers require active control of a server or access to signed data.
While other ECDSA key sizes show slight bias, they are not practically exploitable at this time. Stay vigilant for further updates and advisories from security experts.
