Biased ECDSA nonce generation vulnerability in PuTTY allows attackers to recover user's NIST P-521 secret key
CVE-2024-31497

5.9 MEDIUM

Key Information:

Vendor
PuTTY
Status
Putty
Vendor
CVE Published: 15 April 2024

Badges

📈 Trended | 📈 Score: 14,300 | 💰 Ransomware | 👾 Exploit Exists | 🟡 Public PoC | 📰 News Worthy

What is CVE-2024-31497?

CVE-2024-31497 is a critical vulnerability in PuTTY, a widely used SSH and telnet client for secure remote access to systems. It arises from biased nonce generation in the Elliptic Curve Digital Signature Algorithm (ECDSA) in PuTTY versions 0.68 through 0.80, that is, every version from 0.68 up to but not including 0.81. An attacker can recover the user's NIST P-521 private key relatively quickly, from approximately 60 digital signatures. This poses significant risks to organizations, because a compromised key could be used for unauthorized access, leading to severe security breaches and potential supply-chain attacks.

Technical Details

The vulnerability stems from how PuTTY generates nonces for ECDSA signatures. In the versions affected by CVE-2024-31497, nonce generation is flawed and introduces a bias that adversaries can exploit. An attacker who can observe the signed messages produced by PuTTY or Pageant (PuTTY's SSH agent) can collect the necessary signatures and mount a key recovery attack. This is particularly concerning where such signatures are publicly accessible, or where users connect to untrusted SSH servers. The flaw also affects several other applications, such as FileZilla, WinSCP, TortoiseGit, and TortoiseSVN, so exposure extends beyond PuTTY itself.

Impact of the Vulnerability

  1. Key Compromise: Successful exploitation can lead to the recovery of a user's private NIST P-521 key, granting attackers unauthorized access to systems secured with those keys.

  2. Supply-Chain Attacks: With access to compromised keys, attackers might conduct supply-chain attacks, especially on software maintained in publicly readable Git repositories, potentially altering source code or injecting malicious elements.

  3. Unauthorized Access to Other Services: If users employ the same private key across multiple services, including untrusted SSH connections, attackers could use the recovered key for unauthorized access to those services, amplifying the security ramifications beyond the initial breach.
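Because the impact is tied to NIST P-521 keys, a defender's first check is where such public keys are still trusted. The following is an added example, not code from the original page or from the PuTTY project: it scans authorized_keys-style text for ecdsa-sha2-nistp521 entries and confirms the curve by decoding the key blob. The sample entries are constructed, and a hit only marks a key for review, since the file does not record which client signed with it.

```python
import base64
import re

TARGET = "ecdsa-sha2-nistp521"  # SSH key type name for NIST P-521 ECDSA keys
# The key type may follow an options field, so match it anywhere on the line.
ENTRY = re.compile(r"(?:^|\s)" + re.escape(TARGET) + r"\s+(\S+)(?:\s+(.*))?$")

def read_string(buf, off):
    """Read one SSH wire-format string (uint32 length + bytes)."""
    n = int.from_bytes(buf[off:off + 4], "big")
    data = buf[off + 4:off + 4 + n]
    if off + 4 > len(buf) or len(data) != n:
        raise ValueError("truncated SSH string")
    return data, off + 4 + n

def blob_is_p521(b64):
    """True if the decoded public-key blob declares ECDSA on nistp521."""
    try:
        blob = base64.b64decode(b64, validate=True)
        algo, off = read_string(blob, 0)
        curve, off = read_string(blob, off)
        point, off = read_string(blob, off)
    except ValueError:  # also covers binascii.Error from bad base64
        return False
    # Uncompressed P-521 point: 0x04 prefix plus two 66-byte coordinates.
    return (algo, curve, len(point), point[:1]) == (TARGET.encode(), b"nistp521", 133, b"\x04")

def find_p521_keys(text):
    """Return (line_number, comment) for each P-521 entry in authorized_keys text."""
    hits = []
    for num, line in enumerate(text.splitlines(), 1):
        m = ENTRY.search(line)
        if m and not line.lstrip().startswith("#") and blob_is_p521(m.group(1)):
            hits.append((num, m.group(2) or ""))
    return hits

def _blob(curve, n):
    """Constructed key blob with an all-zero placeholder point (not a real key)."""
    parts = [b"ecdsa-sha2-" + curve.encode(), curve.encode(), b"\x04" + bytes(n - 1)]
    return base64.b64encode(b"".join(len(p).to_bytes(4, "big") + p for p in parts)).decode()

P521, P256 = _blob("nistp521", 133), _blob("nistp256", 65)
SAMPLE = f'''# constructed sample entries, not real keys
{TARGET} {P521} alice@build
command="git-shell -c",no-pty {TARGET} {P521} deploy key
ecdsa-sha2-nistp256 {P256} bob@laptop
{TARGET} {P256} mislabelled
'''
```

Calling `find_p521_keys(SAMPLE)` reports lines 2 and 3; the entry whose label says P-521 but whose blob declares another curve is not reported.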

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

News Articles

Citrix warns customers to update PuTTY version installed on their XenCenter system manually

Citrix urges customers to manually address a PuTTY SSH client flaw that could allow attackers to steal a XenCenter admin's private SSH key.

8 months ago

CVE-2024-31497 Archives - Security Affairs

8 months ago

Stairwell threat report: Vulnerable PuTTY SSH libraries (CVE-2024-31497) — Stairwell

On 15 April 2024, Fabian Bäumer and Marcus Brinkmann of Ruhr University Bochum identified a vulnerable implementation of DSA for certain elliptic curve configurations in the 0.68 – 0.80 versions of PuTTY SSH...

8 months ago

References

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 🟡 Public PoC available

  • 💰 Used in Ransomware

  • 👾 Exploit known to exist

  • 📈 Vulnerability started trending

  • 📰 First article discovered by Hyper ICT

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database | Mitre Database | 1 Proof of Concept(s) | 11 News Article(s)