High Priority PuTTY Vulnerability Threatens Server Access Security

PuTTY's security flaw (CVE2024-31497) in ECDSA P521 keys risks private data exposure. Urgent update is needed.

A critical security vulnerability in PuTTY, a very popular software for secure terminal access to remote servers, has been discovered. This vulnerability could put the private keys of many users at risk.

Cataloged as CVE-2024-31497, the vulnerability affects PuTTY version numbers between 0.68 and 0.80. So, if you have been using PuTTY during this time, it is important to be aware of what this means for your data security.

What’s the Problem?

Fabian Bäumer and Marcus Brinkmann of the Ruhr University Bochum found the vulnerability. It concerns how PuTTY forms signatures from the ECDSA private keys on the NIST P521 curve.

The vulnerability with PuTTY is that it creates a component of the signature called ‘nonce’ during the generation process. This randomly generated number can be used once in a cryptographic communication, thus ensuring that old communications cannot be reused in replay attacks.

However, PuTTY used a deterministic method to generate nonces due to the lack of a high-quality random number generator in early Windows systems. This deterministic method was biased for the P521 curve, which made the private key recovery possible.

Simply put, an attacker who gets hold of multiple signed messages can potentially recover your private key due to a specific bias in the signature creation process. This would allow them to forge signatures and access any servers where you’ve used this key.

Why Is It Serious?

A compromised private key is a major security risk comparable to someone having the key to your home. The attacker could impersonate you, gaining unauthorized access to systems and sensitive information.

Notably, this vulnerability does not require an attacker to intercept your communications; they only need to access signatures generated by your key.

What Should You Do?

PuTTY 0.81
PuTTY 0.81

If you are using a P521 key with PuTTY:

  1. Revoke the key immediately. Remove it from all servers’ authorized_keys files where it is been used.
  2. Generate a new key pair. Use PuTTYgen or another tool to create a new set of keys for future authentication.

The good news is that this issue only affects 521-bit ECDSA keys, specifically those marked with “ecdsa-sha2-nistp521” in PuTTYgen or Pageant. This issue does not affect other cryptographic key types and sizes, such as Ed25519.

The developers have now fixed this issue in version 0.81 of PuTTY by adopting a new, standardized method for generating nonces.

So, if you’re using PuTTY for sensitive operations, it is crucial to update to the latest version immediately and replace any compromised keys to safeguard your digital security.

Bobby Borisov

Bobby Borisov

Bobby, an editor-in-chief at Linuxiac, is a Linux professional with over 20 years of experience. With a strong focus on Linux and open-source software, he has worked as a Senior Linux System Administrator, Software Developer, and DevOps Engineer for small and large multinational companies.

Think You're an Ubuntu Expert? Let's Find Out!

Put your knowledge to the test in our lightning-fast Ubuntu quiz!
Ten questions to challenge yourself to see if you're a Linux legend or just a penguin in the making.

1 / 10

Ubuntu is an ancient African word that means:

2 / 10

Who is the Ubuntu's founder?

3 / 10

What year was the first official Ubuntu release?

4 / 10

What does the Ubuntu logo symbolize?

5 / 10

What package format does Ubuntu use for installing software?

6 / 10

When are Ubuntu's LTS versions released?

7 / 10

What is Unity?

8 / 10

What are Ubuntu versions named after?

9 / 10

What's Ubuntu Core?

10 / 10

Which Ubuntu version is Snap introduced?

The average score is 68%