
PuTTY vulnerability vuln-p521-bias


Every version of the PuTTY tools from 0.68 to 0.80 inclusive has a critical vulnerability in the code that generates signatures from ECDSA private keys which use the NIST P521 curve. (PuTTY, or Pageant, generates a signature from a key when using it to authenticate you to an SSH server.) This vulnerability has been assigned CVE-2024-31497.

absent-in: 0.67
present-in: 0.68 0.69 0.70 0.71 0.72 0.73 0.74 0.75 0.76 0.77 0.78 0.79 0.80
fixed-in: c193fe9848f50a88a4089aac647fecc31ae96d27 (0.81)

It's less immediate than if an attacker knows all of k, but it turns out that if k has a biased distribution in this way, it's possible to aggregate information from multiple signatures and recover the private key eventually.

To fix this vulnerability, we've completely abandoned PuTTY's old system for generating k, and switched to the RFC 6979 technique, for all DSA and ECDSA key types.
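To make the RFC 6979 technique concrete, here is an added Python sketch of its nonce derivation (section 3.2 of the RFC) for the P-521 group order with HMAC-SHA-512; it is not PuTTY's code. The names `rfc6979_k`, `widest_nonce_bits` and `DEMO_X` are hypothetical, and the key is a constructed demo value.

```python
import hashlib
import hmac

# Group order q of NIST P-521 (521 bits).
Q = int("01FF" + "FFFFFFFF" * 7 + "FFFFFFFA"
        "51868783BF2F966B7FCC0148F709A5D0"
        "3BB5C9B8899C47AEBB6FB71E91386409", 16)

def bits2int(b, qlen):
    """Leftmost qlen bits of b as an integer (RFC 6979 section 2.3.2)."""
    x = int.from_bytes(b, "big")
    excess = len(b) * 8 - qlen
    return x >> excess if excess > 0 else x

def rfc6979_k(x, msg, q=Q, hashfn=hashlib.sha512):
    """Deterministic nonce k in [1, q-1] from private key x and message."""
    qlen = q.bit_length()
    rlen = (qlen + 7) // 8
    mac = lambda key, data: hmac.new(key, data, hashfn).digest()
    h1 = hashfn(msg).digest()
    # seed = int2octets(x) || bits2octets(h1)
    seed = x.to_bytes(rlen, "big") + (bits2int(h1, qlen) % q).to_bytes(rlen, "big")
    V, K = b"\x01" * len(h1), b"\x00" * len(h1)
    for sep in (b"\x00", b"\x01"):
        K = mac(K, V + sep + seed)
        V = mac(K, V)
    while True:
        T = b""
        while len(T) * 8 < qlen:      # two HMAC outputs cover 521 bits
            V = mac(K, V)
            T += V
        k = bits2int(T, qlen)         # candidate drawn from the full qlen bits
        if 1 <= k < q:
            return k
        K = mac(K, V + b"\x00")       # out of range: re-key and retry
        V = mac(K, V)

def widest_nonce_bits(x, count=32):
    """Largest bit length seen among nonces for `count` constructed messages."""
    return max(rfc6979_k(x, b"constructed message %d" % i).bit_length()
               for i in range(count))

# Constructed demo private key, not a real key.
DEMO_X = int.from_bytes(hashlib.sha512(b"constructed demo key").digest(), "big") % (Q - 1) + 1
```

Because candidates are drawn from all 521 bits and rejected only when out of range, the resulting k is not confined to a narrower range than q.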
