Now on Demand: Threat Detection and Incident Response (TDIR) Summit - All Sessions Available
Connect with us

Hi, what are you looking for?



Critical PuTTY Vulnerability Allows Secret Key Recovery

PuTTY vulnerability CVE-2024-31497 allows attackers to compromise private keys and use them to forge signatures. 

The developers of PuTTY have released an update to patch a critical vulnerability that can be exploited to recover secret keys. 

PuTTY is an open source client program for SSH, Telnet, and other network protocols, enabling connections to remote servers and file transfers. 

Two researchers from Ruhr University Bochum in Germany discovered that the client and related components “generate heavily biased ECDSA nonces in the case of NIST P-521”, which enables full secret key recovery. The vulnerability is tracked as CVE-2024-31497.

“The nonce bias allows for full secret key recovery of NIST P-521 keys after a malicious actor has seen roughly 60 valid ECDSA signatures generated by any PuTTY component under the same key,” the researchers explained.

They noted that the required signatures can be obtained by a malicious server or from other sources, such as signed git commits.

“All NIST P-521 client keys used with PuTTY must be considered compromised, given that the attack can be carried out even after the root cause has been fixed in the source code (assuming that ~60 pre-patch signatures are available to an adversary),” the researchers warned.

PuTTY developers have provided an explanation on how a threat actor could recover a key and what they could use it for.

“An attacker in possession of a few dozen signed messages and the public key has enough information to recover the private key, and then forge signatures as if they were from you, allowing them to (for instance) log in to any servers you use that key for,” they explained. “To obtain these signatures, an attacker need only briefly compromise any server you use the key to authenticate to, or momentarily gain access to a copy of Pageant holding the key.”

Advertisement. Scroll to continue reading.

PuTTY versions 0.68 through 0.80 are affected, and PuTTY 0.81 fixes the vulnerability. Several products that rely on an affected PuTTY version are vulnerable as well, including FileZilla, WinSCP, TortoiseGit and TortoiseSVN. Patches or mitigations are available for these products as well. 

Affected keys must be revoked immediately, PuTTY developers urged users. 

An entry for CVE-2024-31497 in NIST’s National Vulnerability Database warns that the vulnerability could allow supply chain attacks.

*updated with information from the NIST NVD advisory

Related: Multiple Vulnerabilities Patched in PuTTY and LibSSH2

Related: JumpCloud Says All API Keys Invalidated to Protect Customers

Related: Tech Giants Form Post-Quantum Cryptography Alliance

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

Wendy Zheng named as CFO and Joe Diamond as CMO at cyber asset management firm Axonius.

Intelligent document processing company ABBYY has hired Clayton C. Peddy as CISO.

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

More People On The Move

Expert Insights