Secret key recovery of NIST P-521 private keys in PuTTY
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2024-31497 |
| CWE-ID | CWE-310 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software Subscribe |
PuTTY Client/Desktop applications / Software for system administration |
| Vendor | Simon Tatham |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Cryptographic issues
EUVDB-ID: #VU88542
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2024-31497
CWE-ID:
CWE-310 - Cryptographic Issues
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to recover NIST P-521 private keys.
The vulnerability exists due to the PuTTY client and all related components generate heavily biased ECDSA nonces in the case of NIST P-521. A remote attacker can recover the NIST P-521 private key using roughly 60 valid ECDSA signatures generated by any PuTTY component under the same key.
Note, if the key has been used to sign arbitrary data (e.g., git commits by forwarding Pageant to a development host), the publicly available signatures (e.g., on GitHub) can be used as well.
Install updates from vendor's website.
Vulnerable software versionsPuTTY: 0.68 - 0.80
External linkshttp://seclists.org/oss-sec/2024/q2/122
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
