Critical PuTTY Flaw Leaves SSH Keys Exposed: Update Now to Protect Your Private Data!

Warning: Your SSH keys could be playing hide and seek with hackers! PuTTY’s latest hoopla involves a sneaky flaw (CVE-2024-31497) that lets attackers pocket your NIST P-521 private keys. Time to update and revoke those keys before they RSVP to an unauthorized server party! 🗝️🎉

Hot Take:

Just when you thought your SSH keys were as secure as your diary under the mattress, turns out they’ve been more like a billboard on the cyber highway, thanks to PuTTY’s “whoopsie” with eavesdrop-friendly nonces. Better patch up or your secrets might take a walk down the internet aisle!

Key Points:

  • Put your shocked face on: PuTTY versions 0.68 through 0.80 have a critical flaw allowing private key recovery (CVE-2024-31497).
  • Researchers turned cyber-sleuths from Ruhr University Bochum get a hat tip for uncovering this nonce-sense.
  • Got a few dozen signed messages? Congrats, you’re on your way to forging signatures and crashing server parties.
  • Other software partying with the flawed PuTTY versions: FileZilla, WinSCP, TortoiseGit, and TortoiseSVN.
  • Patch parade: PuTTY 0.81 and friends have kicked the buggy nonce to the curb, switching to the RFC 6979 technique.

CVE ID: CVE-2024-31497
CVE state: PUBLISHED
CVE assigner short name: mitre
CVE date updated: 04/15/2024
CVE description: In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant. The required set of signed messages may be publicly readable because they are stored in a public Git service that supports use of SSH for commit signing, and the signatures were made by Pageant through an agent-forwarding mechanism. In other words, an adversary may already have enough signature information to compromise a victim's private key, even if there is no further use of vulnerable PuTTY versions. After a key compromise, an adversary may be able to conduct supply-chain attacks on software maintained in Git. A second, independent scenario is that the adversary is an operator of an SSH server to which the victim authenticates (for remote login or file copy), even though this server is not fully trusted by the victim, and the victim uses the same private key for SSH connections to other services operated by other entities. Here, the rogue server operator (who would otherwise have no way to determine the victim's private key) can derive the victim's private key, and then use it for unauthorized access to those other services. If the other services include Git services, then again it may be possible to conduct supply-chain attacks on software maintained in Git. This also affects, for example, FileZilla before 3.67.0, WinSCP before 6.3.3, TortoiseGit before 2.15.0.1, and TortoiseSVN through 1.14.6.

Need to know more?

PuTTY's Party Pooper

Ah, the venerable PuTTY, the go-to for SSH shenanigans, has stumbled over its cryptographic shoelaces, tripping on a vulnerability so critical it could turn your private keys into public spectacle. Imagine the horror: One minute you're logging into servers with the smug confidence of a cat with a secret stash of tuna, and the next, you're the fish on the chopping block.

The Dynamic Duo of Doom

Enter stage left: Fabian Bäumer and Marcus Brinkmann, two researchers who probably enjoy puzzles and finding needles in haystacks. They've traced the issue back to those pesky ECDSA nonces, which, in a plot twist nobody asked for, were about as random as a predictable plot in a soap opera.

A Signature Collection

If you're a malicious server or just a collector of signed messages, congrats! You've hit the jackpot. Forget about MitM attacks; we're talking straight-up private key heist. And with enough signatures, you could impersonate someone with the effectiveness of a spy in a bad wig.

The Affected Fellowship

It's not just PuTTY feeling the heat. The cozy clique of FileZilla, WinSCP, TortoiseGit, and TortoiseSVN also got the unwanted invitation to Vulnerability Ville. It's like realizing your entire friend group forgot to lock their front doors.

Patching Up the Party

But don't despair! The cavalry has arrived with patches galore. PuTTY 0.81, leading the charge, is waving the RFC 6979 flag, a technique that likely had the old, biased nonce method cleaning out its desk by lunchtime. And if you're a TortoiseSVN fan, just sidestep with the latest Plink from PuTTY until they sort out their own patchy patch.
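For the curious who want to see what the RFC 6979 flag actually stands for: below is an added illustration of the deterministic nonce derivation from RFC 6979 section 3.2, written for this post (it is not PuTTY's code and not the researchers' code). PuTTY's own advisory explains that the old code built a 521-bit nonce out of a 512-bit hash, so the top nine bits were always zero; the generator below instead fills every one of the 521 bits from HMAC-DRBG output, which is the whole point of the fix. The curve orders are the published NIST P-256 and P-521 values, the P-521 private key is a constructed demo value, and the P-256 check uses the RFC's own appendix test vector (private key, message "sample", SHA-256).

```python
import hashlib
import hmac

# Added example (not PuTTY's or the researchers' code): RFC 6979 section 3.2
# deterministic nonce derivation, the scheme PuTTY 0.81 adopted.
# Group orders are the published NIST values.
P256_ORDER = int(
    "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551", 16)
P521_ORDER = int(
    "01" + "F" * 64
    + "FA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409", 16)

# RFC 6979 appendix A.2.5 test vector (P-256, SHA-256, message "sample").
RFC_P256_PRIV = int("C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721", 16)
RFC_P256_K_SAMPLE = int("A6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60", 16)

# Constructed demo private scalar for the P-521 walk-through; not a real key.
DEMO_PRIV_P521 = int.from_bytes(b"constructed demo key, not for real use!!" * 2, "big") % P521_ORDER


def _bits2int(b, qlen):
    """RFC 6979 2.3.2: big-endian integer, truncated to the leftmost qlen bits."""
    v = int.from_bytes(b, "big")
    blen = len(b) * 8
    return v >> (blen - qlen) if blen > qlen else v


def _int2octets(x, qlen):
    """RFC 6979 2.3.3: fixed-width big-endian encoding, ceil(qlen/8) bytes."""
    return x.to_bytes((qlen + 7) // 8, "big")


def _bits2octets(b, q, qlen):
    """RFC 6979 2.3.4: bits2int, reduce mod q, then int2octets."""
    return _int2octets(_bits2int(b, qlen) % q, qlen)


def rfc6979_nonce(priv, msg, q, hashfunc=hashlib.sha256):
    """Return the deterministic k in [1, q-1] for private scalar priv and message msg."""
    qlen = q.bit_length()
    h1 = hashfunc(msg).digest()
    hlen = len(h1)
    V = b"\x01" * hlen
    K = b"\x00" * hlen
    seed = _int2octets(priv, qlen) + _bits2octets(h1, q, qlen)
    K = hmac.new(K, V + b"\x00" + seed, hashfunc).digest()
    V = hmac.new(K, V, hashfunc).digest()
    K = hmac.new(K, V + b"\x01" + seed, hashfunc).digest()
    V = hmac.new(K, V, hashfunc).digest()
    while True:
        # Concatenate HMAC output until we hold at least qlen bits (for P-521
        # with SHA-512 that is two 512-bit blocks), then keep the top qlen bits.
        T = b""
        while len(T) * 8 < qlen:
            V = hmac.new(K, V, hashfunc).digest()
            T += V
        k = _bits2int(T, qlen)
        if 1 <= k < q:
            return k
        # Candidate out of range: stir the state and try again.
        K = hmac.new(K, V + b"\x00", hashfunc).digest()
        V = hmac.new(K, V, hashfunc).digest()


def p521_nonce(priv, msg):
    """P-521 with SHA-512, the combination the advisory is about."""
    return rfc6979_nonce(priv, msg, P521_ORDER, hashlib.sha512)


def full_width_count(priv, q, n_msgs=200, hashfunc=hashlib.sha512):
    """How many of n_msgs nonces use all qlen bits (about half, if the top bits are live)."""
    qlen = q.bit_length()
    return sum(
        1 for i in range(n_msgs)
        if rfc6979_nonce(priv, b"constructed message %d" % i, q, hashfunc).bit_length() == qlen)


if __name__ == "__main__":
    k = rfc6979_nonce(RFC_P256_PRIV, b"sample", P256_ORDER)
    print("RFC 6979 P-256 vector matches:", k == RFC_P256_K_SAMPLE)
    print("P-521 nonces with all 521 bits in use, out of 200:",
          full_width_count(DEMO_PRIV_P521, P521_ORDER))
```

Run it and the last line should come out near 100: a nonce whose top bits are genuinely random has its highest bit set about half the time, which is exactly what a nonce built by zero-padding a shorter hash can never do.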

Remember, folks, if you've been frolicking in the fields of ECDSA NIST P-521 keys with any of these vulnerable versions, it's time to revoke, remove, and rethink your key strategy. Because in the cyber world, it's patch or be pirated!
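Step one of the revoke-remove-rethink routine is knowing which keys are P-521 in the first place. Here is an added helper, written for this post rather than taken from PuTTY or any of the affected projects, that reads OpenSSH public-key lines (the format in an authorized_keys file or a .pub file) and flags every ecdsa-sha2-nistp521 entry. It checks the key type both from the text label and from inside the base64 blob, since the blob is what the server actually trusts. The sample authorized_keys content at the bottom is constructed for the demo (the curve points are dummy bytes, not real keys), and the whole thing assumes plain whitespace-separated lines; an options field that itself contains whitespace (such as command="ls -l") is not handled.

```python
import base64
import struct

# Added example, not code from PuTTY or the affected projects: find P-521
# ECDSA keys in OpenSSH authorized_keys / .pub lines so they can be revoked.
AFFECTED_KEYTYPE = "ecdsa-sha2-nistp521"
AFFECTED_CURVE = "nistp521"


def _read_string(blob, off):
    """Read one SSH wire-format string (uint32 length + bytes) at offset off."""
    (n,) = struct.unpack(">I", blob[off:off + 4])
    return blob[off + 4:off + 4 + n], off + 4 + n


def parse_pubkey_line(line):
    """Parse 'type base64 [comment]' (optionally preceded by an options field).

    Returns a dict with the declared type, the type inside the blob, the
    curve name (ECDSA only) and the comment, or None for blank/comment/bad lines.
    Assumption: no whitespace inside the options field.
    """
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = line.split()
    for i, f in enumerate(fields):
        if f.startswith(("ssh-", "ecdsa-", "sk-")) and i + 1 < len(fields):
            declared, b64, comment = f, fields[i + 1], " ".join(fields[i + 2:])
            break
    else:
        return None
    try:
        blob = base64.b64decode(b64, validate=True)
        wire_type, off = _read_string(blob, 0)
        curve = None
        if wire_type.startswith(b"ecdsa-sha2-"):
            # ECDSA blobs carry the curve name as a second string.
            curve_b, off = _read_string(blob, off)
            curve = curve_b.decode("ascii")
        return {"declared": declared, "wire_type": wire_type.decode("ascii"),
                "curve": curve, "comment": comment}
    except (ValueError, struct.error):
        return None


def find_affected(lines):
    """Return (line number, comment, declared type) for every P-521 ECDSA key."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        info = parse_pubkey_line(line)
        if info and (info["wire_type"] == AFFECTED_KEYTYPE or info["curve"] == AFFECTED_CURVE):
            hits.append((lineno, info["comment"], info["declared"]))
    return hits


# --- constructed sample input (dummy key material, not real keys) ---
def _ssh_string(b):
    return struct.pack(">I", len(b)) + b


def _fake_ecdsa_blob(curve):
    coord_len = {"nistp256": 32, "nistp384": 48, "nistp521": 66}[curve]
    point = b"\x04" + b"\x11" * (2 * coord_len)  # dummy uncompressed point
    raw = _ssh_string(("ecdsa-sha2-" + curve).encode()) + _ssh_string(curve.encode()) + _ssh_string(point)
    return base64.b64encode(raw).decode()


def _fake_ed25519_blob():
    return base64.b64encode(_ssh_string(b"ssh-ed25519") + _ssh_string(b"\x22" * 32)).decode()


SAMPLE_AUTHORIZED_KEYS = [
    "# constructed sample authorized_keys, not real keys",
    "ecdsa-sha2-nistp521 %s alice@laptop (putty)" % _fake_ecdsa_blob("nistp521"),
    "ssh-ed25519 %s bob@desk" % _fake_ed25519_blob(),
    "ecdsa-sha2-nistp256 %s carol@ci" % _fake_ecdsa_blob("nistp256"),
    'no-pty,from="10.0.0.0/8" ecdsa-sha2-nistp521 %s deploy-bot' % _fake_ecdsa_blob("nistp521"),
]

if __name__ == "__main__":
    for lineno, comment, declared in find_affected(SAMPLE_AUTHORIZED_KEYS):
        print("line %d: %s (%s) -> revoke and replace" % (lineno, declared, comment))
```

Point it at a real file with `find_affected(open(path).readlines())`; every hit is a key to revoke from the server and regenerate with a patched client, since (as the CVE text above spells out) the signatures an attacker needs may already be sitting in a public Git history.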

Tags: bias recovery, cryptographic nonces, CVE-2024-31497, ECDSA nonce flaw, PuTTY vulnerability, secure shell updates, SSH key compromise