HomeWinBuzzer NewsCritical Vulnerability in PuTTY SSH Client Exposes Private Keys

Critical Vulnerability in PuTTY SSH Client Exposes Private Keys

PuTTY versions 0.68 to 0.80 have a critical flaw (CVE-2024-31497) that lets attackers steal private keys with just 60 signatures.


Researchers have identified a critical vulnerability in the PuTTY Secure Shell (SSH) and Telnet client that could potentially allow attackers to recover private keys. The flaw, identified as CVE-2024-31497, affects versions of PuTTY from 0.68 to 0.80 inclusive. It specifically impacts the generation of signatures from ECDSA private keys using the NIST P521 curve.

Implications of the Vulnerability

The vulnerability poses a significant risk as it compromises the private key, enabling attackers who have access to a few dozen signed messages and the public key to recover the private key. This could allow them to forge signatures and gain unauthorized access to servers. The signatures required for this attack could be obtained by briefly compromising any server that uses the key for authentication or by momentarily gaining access to a copy of Pageant holding the key. However, it’s important to note that these signatures are not exposed to passive eavesdroppers of SSH connections.

Response and Recommendations

The vulnerability was discovered by Fabian Bäumer and Marcus Brinkmann from the Ruhr University Bochum, who noted that the bias in ECDSA nonce generation for NIST P-521 was significant enough to allow full secret key recovery with roughly 60 signatures. The affected PuTTY version and related components, including FileZilla, WinSCP, and TortoiseGit, have been updated to address this security flaw. PuTTY 0.81, FileZilla 3.67.0, WinSCP 6.3.3, and TortoiseGit now include patches for this issue. TortoiseSVN users are advised to configure the software to use Plink from the latest PuTTY 0.81 release when accessing an SVN repository via SSH until a dedicated patch is available.

Given the severity of CVE-2024-31497, it is crucial for users and administrators to update their software to the latest versions immediately. Any product or component using ECDSA NIST-P521 keys impacted by this flaw should be considered compromised, and these keys should be revoked by removing them from authorized_keys, GitHub repositories, and any other relevant platforms to prevent unauthorized access and potential data breaches.

Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.