Critical Flaw in PuTTY Exposes NIST P-521 Keys, Affects Major Software

A critical vulnerability has been identified in PuTTY versions 0.68 through 0.80 that can expose NIST P-521 private keys. Assigned CVE-2024-31497, the flaw was discovered by Fabian Bäumer and Marcus Brinkmann of Ruhr University Bochum. An attacker who holds the public key and a few dozen messages signed with the corresponding private key can recover that private key and forge signatures. The root cause is biased ECDSA nonces: the first 9 bits of every nonce are zero, and that bias is enough to recover the key from around 60 signatures. The same flaw affects FileZilla, WinSCP, TortoiseGit, and TortoiseSVN, all of which have patches available in their latest versions. The PuTTY team has fixed the issue by adopting the RFC 6979 technique for nonce generation, replacing its previous deterministic derivation scheme, which produced the biased nonces. Users should treat any ECDSA NIST P-521 key that has been used with affected software as compromised and revoke it.
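As an added defensive example, not code from the article or from PuTTY: a scanner that finds ECDSA NIST P-521 public keys in authorized_keys or known_hosts lines, the keys the advice above says to treat as compromised, by decoding each key blob rather than trusting its textual prefix. The sample lines are constructed with dummy key bytes, and the hypothetical helper `_fake_line` exists only to build them.

```python
import base64
import shlex
import struct
AFFECTED_TYPE = "ecdsa-sha2-nistp521"  # ECDSA over NIST P-521, the key type CVE-2024-31497 concerns

def _read_ssh_string(blob, offset):  # one RFC 4251 'string' (uint32 length + bytes) -> (bytes, next offset)
    (length,) = struct.unpack(">I", blob[offset:offset + 4])  # struct.error if the blob is truncated
    start = offset + 4
    if start + length > len(blob):
        raise ValueError("truncated key blob")
    return blob[start:start + length], start + length

def key_type_from_blob(b64):
    """Return (key type, curve name or None) decoded from a public key's base64 blob."""
    blob = base64.b64decode(b64, validate=True)
    ktype, off = _read_ssh_string(blob, 0)
    curve = _read_ssh_string(blob, off)[0] if ktype.startswith(b"ecdsa-sha2-") else None
    return ktype.decode(), (curve.decode() if curve else None)

def find_affected_keys(lines):
    """Return [(line number, comment)] for each P-521 key in authorized_keys/known_hosts lines."""
    hits = []
    for no, line in enumerate(lines, 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = shlex.split(line)  # keeps a quoted option such as command="..." as one field
        for i, tok in enumerate(fields):
            if not tok.startswith("AAAA"):  # a blob always starts with the uint32 length of its type string
                continue
            try:  # decide on the type and curve inside the blob, not on the textual prefix
                ktype, curve = key_type_from_blob(tok)
            except (ValueError, struct.error, UnicodeDecodeError):
                break
            if ktype == AFFECTED_TYPE and curve == "nistp521":
                hits.append((no, " ".join(fields[i + 1:])))
            break
    return hits

def _fake_line(ktype, fields, comment, options=""):
    """Constructed sample line (hypothetical helper): the key material is dummy bytes, not a real key."""
    blob = b"".join(struct.pack(">I", len(f)) + f for f in [ktype.encode(), *fields])
    return f"{options + ' ' if options else ''}{ktype} {base64.b64encode(blob).decode()} {comment}"

SAMPLE_LINES = [  # constructed authorized_keys content for this example
    _fake_line("ecdsa-sha2-nistp521", [b"nistp521", b"\x04" + b"\x11" * 132], "alice@laptop"),
    _fake_line("ecdsa-sha2-nistp256", [b"nistp256", b"\x04" + b"\x22" * 64], "bob@desktop"),
    _fake_line("ecdsa-sha2-nistp521", [b"nistp521", b"\x04" + b"\x44" * 132], "backup-bot",
               options='command="/usr/bin/backup --dir /srv",no-pty'),
]
```

Running `find_affected_keys` over a real file's lines returns the line numbers and comments of the P-521 keys to revoke; the P-256 entry is reported as unaffected even though its textual prefix also starts with `ecdsa-sha2-`.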
Read more at The Hacker News…