Mastodawn

May 10, 2024

🚨🚨POC RELEASED🚨🚨PoC that exploits PuTTy CVE-2024-31497. Link in sub-post.👇

#DarkWebInformer #DarkWeb #Exploit #Cyberattack #Cybercrime #Cybersecurity #Infosec #CTI #CVE202431497 #Vulnerability #PuTTY

X Link: https://twitter.com/DarkWebInformer/status/1789080290175934760

Dark Web Informer (@DarkWebInformer) on X

🚨🚨POC RELEASED🚨🚨PoC that exploits PuTTy CVE-2024-31497. Link in sub-post.👇 #DarkWebInformer #DarkWeb #Exploit #Cyberattack #Cybercrime #Cybersecurity #Infosec #CTI #CVE202431497 #Vulnerability #PuTTY "This vulnerability exploits the biased ECDSA nonce generation in the…

X (formerly Twitter)

Neustradamus :xmpp: :linux:Apr 19, 2024

#PuTTY 0.81 has been released (#SSH / #SerialPort / #RS232 / #Telnet / #CVE / #CVE202431497) https://chiark.greenend.org.uk/~sgtatham/putty

Joaquim Homrighausen Apr 16, 2024

Upgrade PuTTY if you're using it. This may also affect things like WinSCP, FileZilla, TortoiseGit, Tortoise SVN 🕵️ 🧐

https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html

(also https://seclists.org/oss-sec/2024/q2/122)

#putty #winscp #filezilla #exploit #vulnerability #cybersec #cybersecurity #infosec #cve202431497

PuTTY vulnerability vuln-p521-bias

Show thread

Harry Sintonen Apr 15, 2024

The #PuTTY git commit e9848f50a88a4089aac647fecc31ae96d27 fixing the #CVE202431497 #vulnerability has a great writeup about the issue and its background.

https://git.tartarus.org/?p=simon/putty.git;a=commit;h=c193fe9848f50a88a4089aac647fecc31ae96d27

Show thread

Harry Sintonen Apr 15, 2024

"2024-04-15 PuTTY 0.81 released

PuTTY 0.81, released today, fixes a critical vulnerability CVE-2024-31497 in the use of 521-bit ECDSA keys (ecdsa-sha2-nistp521). If you have used a 521-bit ECDSA private key with any previous version of PuTTY, consider the private key compromised: remove the public key from authorized_keys files, and generate a new key pair.

However, this only affects that one algorithm and key size. No other size of ECDSA key is affected, and no other key type is affected."

source: https://www.chiark.greenend.org.uk/~sgtatham/putty/ #PuTTY #CVE202431497

PuTTY: a free SSH and Telnet client

Harry Sintonen Apr 15, 2024

CVE-2024-31497: Secret Key Recovery of NIST P-521 Private Keys Through Biased ECDSA Nonces in #PuTTY Client

PuTTY client and affected components generate biased ECDSA nonces for NIST P-521 (due to first 9 bits of nonce being zero). Assuming ~60 signatures signed by the same secret key can be collected the attacker may be able to recover the associated private key.

Affected:
- PuTTY 0.68 - 0.80

In addition the following software packages are also affected:
- #FileZilla 3.24.1 - 3.66.5
- #WinSCP 5.9.5 - 6.3.2
- #TortoiseGit 2.4.0.2 - 2.15.0
- #TortoiseSVN 1.10.0 - 1.14.6
(this list may be incomplete)

https://www.openwall.com/lists/oss-security/2024/04/15/6 #CVE202431497 #vulnerability #infosec #cybersecurity

Dark Web Informer (@DarkWebInformer) on X

PuTTY vulnerability vuln-p521-bias

PuTTY: a free SSH and Telnet client

oss-security - CVE-2024-31497: Secret Key Recovery of NIST P-521 Private Keys Through Biased ECDSA Nonces in PuTTY Client