Understanding the PuTTY vulnerability : CVE-2024–31497

Larbi OUIYZME
2 min readApr 16, 2024

--

Putty

Introduction :

PuTTY, a widely used free and open-source terminal emulator, serial console and network file transfer application, recently had a vulnerability discovered in its system. This vulnerability, known as CVE-2024–31497, has significant implications for the security of the application and its users.

Details of the Vulnerability :

The vulnerability was found in PuTTY versions 0.68 through 0.80. It is related to the biased ECDSA nonce generation, which could allow an attacker to recover a user’s NIST P-521 secret key with a quick attack in approximately 60 signatures.

Implications of the Vulnerability :

This vulnerability is particularly significant in a scenario where an adversary could read messages signed by PuTTY or Pageant. In other words, an adversary might already have enough signature information to compromise a victim’s private key, even if there was no further use of vulnerable PuTTY versions.

After a key compromise, an adversary could potentially conduct supply-chain attacks on software maintained in Git. A second, independent scenario was that the adversary was an operator of an SSH server to which the victim authenticated. Here, the rogue server operator could derive the victim’s private key, and then use it for unauthorized access to other services.

Affected Software :

This vulnerability also affected other software, for example, FileZilla before 3.67.0, WinSCP before 6.3.3, TortoiseGit before 2.15.0.1, and TortoiseSVN through 1.14.6.

Mitigation Measures :

To mitigate the risks associated with this vulnerability, users and administrators should take the following steps:

  1. Update PuTTY : The most effective mitigation measure is to update PuTTY to the latest version, which has patched this vulnerability and at the time of writing this article, a new version 0.81 was released on April 15, 2024. Always download updates from the official PuTTY website or a trusted source to avoid malicious software.
  2. Regularly Rotate Keys : Regularly rotating SSH keys can limit the impact if a key is compromised. It’s a good practice to rotate keys periodically, even when there are no known vulnerabilities.
  3. Monitor for Suspicious Activity : Use intrusion detection systems and network monitoring to watch for unusual activity that could indicate a compromise.
  4. Limit Access : Only allow trusted users and systems to access the systems where PuTTY is used. This can prevent an attacker from exploiting the vulnerability.
  5. Security Awareness : Train users on the importance of security updates and the risks of using outdated software.

Conclusion :

The discovery of this vulnerability underscores the importance of regular software updates and the use of secure coding practices. It also highlights the need for users to be vigilant and proactive in protecting their digital assets.

For more details about this vulnerability, you can visit the official NIST National Vulnerability Database page.

--

--

Larbi OUIYZME

I'm Larbi, from Morocco. IT trainer and Chief Information Security Officer (CISO), I'm committed to share knowledge. Also, Ham Radio CN8FF passionate about RF