Widely-Used PuTTY SSH Client Found Vulnerable to Key Recovery Attack

Widely-Used PuTTY SSH Client Found Vulnerable to Key Recovery Attack

The maintainers of the PuTTY Secure Shell (SSH) and Telnet client are alerting users of a critical vulnerability impacting versions from 0.68 through 0.80 that could be exploited to achieve full recovery of NIST P-521 (ecdsa-sha2-nistp521) private keys.

The flaw has been assigned the CVE identifier CVE-2024-31497, with the discovery credited to researchers Fabian Bäumer and Marcus Brinkmann from the Ruhr University Bochum.

“The effect of the vulnerability is to compromise the private key,” the PuTTY project said in an advisory.

In a message posted on the Open Source Software Security (oss-sec) mailing list, Bäumer described the flaw as stemming from the generation of biased ECDSA cryptographic nonces, which could enable the recovery of the private key.

“The first 9 bits of each ECDSA nonce are zero,” Bäumer explained. “This allows for full secret key recovery in roughly 60 signatures by using state-of-the-art techniques.”

Besides impacting PuTTY, it also affects other products that incorporate a vulnerable version of the software –

  • FileZilla (3.24.1 – 3.66.5)
  • WinSCP (5.9.5 – 6.3.2)
  • TortoiseGit ( – 2.15.0)
  • TortoiseSVN (1.10.0 – 1.14.6)

ECDSA NIST-P521 keys used with any of the vulnerable components should be considered compromised and consequently revoked by removing them from ~/.ssh/authorized_keys files and their equivalents in other SSH servers.


Source: https://thehackernews.com/