Private Keys Exposed: Critical PuTTY Vulnerability

An attacker can quickly recover a user's NIST P-521 secret key from about 60 signatures because of biased ECDSA nonce generation in PuTTY 0.68 through 0.80 (that is, versions before 0.81). This matters most when a hostile party is able to read messages that were signed with PuTTY or Pageant.

The required set of signed messages may be readable by the general public, for example when the signatures were made by Pageant through an agent-forwarding mechanism and the messages are kept on a public Git server that allows SSH commit signing.

An adversary may therefore already hold enough signature data to compromise a victim's private key even if vulnerable PuTTY versions are no longer in use. After such a compromise, the attacker may be able to launch supply-chain attacks against software maintained in Git.

A second, independent scenario is that the victim authenticates to an adversary's SSH server for remote login or file copying, without fully trusting that server, while using the same private key for SSH connections to other services run by different entities.

Here, the rogue server operator can obtain the victim's private key, which they would not otherwise be able to use to gain unauthorized access to those other services. In addition, if the other providers offer Git services, supply-chain attacks against software maintained in Git would be feasible.

For instance, FileZilla prior to 3.67.0, WinSCP prior to 6.3.3, TortoiseGit prior to, and TortoiseSVN prior to 1.14.6 are also impacted by this.

The following software that uses the vulnerable PuTTY is confirmed as impacted:

  • FileZilla 3.24.1 – 3.66.5 (fixed in 3.67.0)
  • WinSCP 5.9.5 – 6.3.2 (fixed in 6.3.3)
  • TortoiseGit – 2.15.0 (fixed in
  • TortoiseSVN 1.10.0 – 1.14.6 (mitigation possible by configuring TortoiseSVN to use Plink from the latest PuTTY 0.81 release)
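
Because only NIST P-521 keys are affected and a key can remain at risk after the vulnerable client is gone, a useful defensive check is to find where such keys are still trusted. The following is an added example, not code from PuTTY or from the original page: it scans authorized_keys text for ecdsa-sha2-nistp521 entries and confirms the key type inside the blob. The function names and the sample keys are constructed for illustration.

```python
import base64
import struct

P521 = "ecdsa-sha2-nistp521"
KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519",
             "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", P521}

def blob_key_type(b64):
    """Return the key type named inside a base64 SSH public-key blob, or None."""
    try:
        raw = base64.b64decode(b64, validate=True)
        (n,) = struct.unpack(">I", raw[:4])      # 4-byte big-endian length
        return raw[4:4 + n].decode("ascii")
    except (ValueError, struct.error):            # bad base64, short blob, non-ASCII
        return None

def find_p521_keys(text):
    """Return [(line_no, comment)] for every P-521 key in authorized_keys text."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # Options may precede the key type, so scan for the first
        # "type blob" pair whose blob really encodes that type.
        for i, tok in enumerate(fields[:-1]):
            if tok in KEY_TYPES and blob_key_type(fields[i + 1]) == tok:
                if tok == P521:
                    hits.append((no, " ".join(fields[i + 2:])))
                break
    return hits

def fake_blob(key_type):
    """Constructed placeholder blob: real type header, zero-filled key material."""
    name = key_type.encode()
    return base64.b64encode(struct.pack(">I", len(name)) + name + bytes(32)).decode()

# Constructed sample input; none of these are real keys.
SAMPLE = "\n".join([
    "# deploy keys",
    f"ssh-ed25519 {fake_blob('ssh-ed25519')} alice@laptop",
    f"{P521} {fake_blob(P521)} bob@winbox",
    f'no-pty,command="/usr/bin/backup run" {P521} {fake_blob(P521)} backup job',
    f"{P521} {fake_blob('ssh-rsa')} mislabelled",
])

if __name__ == "__main__":
    for no, comment in find_p521_keys(SAMPLE):
        print(f"line {no}: P-521 key ({comment}) - review where it was used")
```

A hit only shows that a P-521 key is trusted there; whether that key was ever used with an affected PuTTY-based client has to be established separately.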

