Categories
Blog

CRITICAL VULNERABILITY (CVE-2024-31497) FOUND IN PUTTY SSH CLIENT  

Home » Blog » CRITICAL VULNERABILITY (CVE-2024-31497) FOUND IN PUTTY SSH CLIENT  

CRITICAL VULNERABILITY (CVE-2024-31497) FOUND IN PUTTY SSH CLIENT  

Experts have discovered a security vulnerability labeled CVE-2024-31497 in a widely used open-source SSH and Telnet client, PuTTY. The vulnerability could allow attackers to access secret keys that could be leveraged to forge digital signatures.  

Let us look at what the vulnerability is about and the steps to prevent risks associated with it.   

What is PuTTY? 

PuTTY is one of the open-source terminal emulation programs for Windows, most popularly used for SSH, Telnet, SFTP, and other connections.   

It is known for its reliability in terminal emulation, its ease of configurability, and its versatility in supporting cryptographic algorithms. It is also used for network file sharing even though it doesn’t come with its own integrated client for file transferring. 

About the PuTTY ssh vulnerability 

The vulnerability was discovered by two security researchers from Germany’s Ruhr University Bochum.  

They found that the PuTTY and its related components generated ECDSA nonces that were highly biased while using it with NIST’s P-521 elliptic curve.  

A nonce is a unique arbitrary number that is only used once in cryptographic communication. 

ECDSA or the Elliptic Curve Digital Signature Algorithm, is a digital signing algorithm that utilizes elliptic curve cryptography to generate keys used in Digital Signature Algorithms. Digital Signature Algorithms ensure the security of sensitive information, safer transactions, and communication.   

ECDSAs are used over other digital signing algorithms as they are more secure, use smaller keys, and are extremely difficult for cybercriminals to decrypt. They are also preferred because they make the process of signing and verification faster. 

They rely on a combination of public and private keys for the signing and verification of digital signatures. 

The exploitation of the CVE-2024-31497 vulnerability allows attackers to recover cryptographic private keys that can allow them to snoop encrypted communications and access SSH servers or sign commits that record changes in code logs as a developer. As per ethical hacking experts,  an attacker with access to keys and signed messages can reverse engineer to recover private keys and forge signatures to access the servers those keys are used for. The NIST’s NVD has warned that if exploited properly, this vulnerability could be leveraged by attackers to engage in supply chain attacks.

The vulnerability affects all the versions of PuTTY from 0.68 to 0.80 and products that rely on them, including WinSCP, TortoiseGit, TortoiseSVN, and FileZilla. 

SharkStriker’s recommendations and actions 

The following are SharkStriker’s actions and recommendations: 

  • We recommend all of our customers and partners using PuTTY to update to the latest 0.81 version since it was patched with fixes for the CVE 2024-31497 security vulnerability. 
  • Users are advised to revoke all the affected ECDSA NIST-P521 keys 
  • Our SOC team has performed threat hunting in the customer environment for the said vulnerability. 
  • Customers can use multiple dashboards in the STRIEGO platform to keep track of their security posture. 

Services

Experience end-to-end management
of statutory and regulatory compliance
through our dedicated service for compliance

Explore More >

Latest Post

All
Blog