Hello World!
Recently a vulnerability (CVE-2024-31497) was discovered in everyone's favourite terminal emulator and SSH client, PuTTY. (That is, if you don't use Solar-PuTTY.)
The run-down in a bite-size chunk: a faulty piece of cryptographic code in PuTTY's ECDSA signing lets an attacker recover a user's private key. Specifically, it affects NIST P-521 keys (the ecdsa-sha2-nistp521 key type); RSA, Ed25519, P-256 and P-384 keys are not affected. An attacker who collects roughly 60 signatures made with a vulnerable P-521 key can compute the private key and then authenticate to any service that trusts the matching public key. Those signatures are not hard to come by: a malicious or compromised SSH server receives one every time the user logs in to it, and anything signed with the key and published, such as git commits signed through Pageant, can be gathered from public sources. The end result is unauthorised access or impersonation of the key's owner.
This vulnerability affects PuTTY versions 0.68 through 0.80, so you should update to 0.81 as soon as reasonably practicable. The same goes for tools that bundle a vulnerable PuTTY; FileZilla, WinSCP, TortoiseGit and TortoiseSVN all shipped affected versions, so check their advisories for the fixed releases. Updating alone does not undo the damage, though. Any P-521 key that has been used with an affected version should be treated as compromised: generate a new key pair, remove the old public key from every authorized_keys file, and revoke it from any service (git hosting, for instance) that trusts it. This is doubly urgent if signatures made with the key are public, such as signed git commits, since the roughly 60 signatures the attack needs are then already out in the open.
Now to dig a little deeper. The root cause is an old piece of PuTTY's DSA/ECDSA signing code that was never revisited when newer, larger curves were added. The flaw is a biased nonce. A nonce ("number used once") is the per-signature secret value k that ECDSA requires; it must be unpredictable and, crucially, uniformly distributed over the whole range 1..n-1, where n is the order of the curve's group. PuTTY does not pick k at random at all; it derives k deterministically by hashing the private key together with the message being signed, a scheme it adopted before RFC 6979 standardised the same idea. How random really is random? That's a question for another time…
The problem is the size of that hash. PuTTY builds k from a SHA-512 digest and reduces it modulo n. For the shorter groups the code was written for (the roughly 160-bit q of integer DSA, and later P-256 and P-384) a 512-bit number reduced mod n is as good as uniform. For P-521, n is 521 bits long, so reducing a 512-bit number mod n changes nothing: k is never all zeros, but its top 9 bits are always zero. That is not random (enough). Each signature therefore hands the attacker 9 known bits of its nonce, and with roughly 60 signatures there is enough information to solve for the private key using a lattice (hidden number problem) attack, the same technique used against other biased-nonce ECDSA implementations.
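To make that concrete, here is a small Python model, added to this post as an illustration (it is neither PuTTY's source nor code from the original write-up). It puts the shape of the old nonce derivation, SHA-512 of the private key and message hash reduced mod n, next to an RFC 6979 nonce, and counts how often the top 9 bits of each come out zero. The exact bytes PuTTY hashed are not reproduced (that is an assumption, and the bias does not depend on it), the message hashes are constructed stand-ins, and the lattice attack itself is left out; the last function only shows the back-of-envelope arithmetic behind the "roughly 60 signatures" figure.

```python
"""Model of the CVE-2024-31497 nonce bias and of the RFC 6979 fix.

Added example for this post; it is not PuTTY's source code.  Both nonce
generators take a P-521 private scalar and a message hash and return the
ECDSA per-signature secret k.  The lattice attack that turns the biased
nonces into the private key is not implemented here.
"""
import hashlib
import hmac
import secrets

# NIST P-521 group order n (FIPS 186-4); n.bit_length() == 521.
P521_N = int("01" + "F" * 65 + "A"
             + "51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409", 16)
QLEN = P521_N.bit_length()   # 521 bits
RLEN = (QLEN + 7) // 8       # 66 bytes


def nonce_pre_081(priv: int, msg_hash: bytes) -> int:
    """PuTTY 0.68-0.80 style: k = SHA-512(private key || message hash) mod n.

    Assumption: the exact byte layout PuTTY hashed is not reproduced; the
    bias does not depend on it.  SHA-512 outputs 512 bits and n has 521,
    so 'mod n' never reduces anything and bits 512..520 of k are always 0.
    """
    digest = hashlib.sha512(priv.to_bytes(RLEN, "big") + msg_hash).digest()
    return int.from_bytes(digest, "big") % P521_N


def _bits2int(b: bytes) -> int:
    """RFC 6979 2.3.2: keep only the leftmost QLEN bits of b."""
    v = int.from_bytes(b, "big")
    excess = len(b) * 8 - QLEN
    return v >> excess if excess > 0 else v


def _int2octets(x: int) -> bytes:
    """RFC 6979 2.3.3: fixed-width big-endian encoding of x."""
    return x.to_bytes(RLEN, "big")


def _bits2octets(b: bytes) -> bytes:
    """RFC 6979 2.3.4: bits2int, reduce mod n, then int2octets."""
    return _int2octets(_bits2int(b) % P521_N)


def nonce_rfc6979(priv: int, msg_hash: bytes) -> int:
    """RFC 6979 3.2 with HMAC-SHA-512, the construction PuTTY 0.81 moved to.

    Independent implementation written for this example.  The HMAC-DRBG loop
    produces more than QLEN bits, bits2int trims them to 521, and anything
    outside 1..n-1 is rejected, so k is unbiased over the whole group.
    """
    def mac(key: bytes, data: bytes) -> bytes:
        return hmac.new(key, data, hashlib.sha512).digest()

    seed = _int2octets(priv) + _bits2octets(msg_hash)
    V = b"\x01" * 64
    K = b"\x00" * 64
    K = mac(K, V + b"\x00" + seed)
    V = mac(K, V)
    K = mac(K, V + b"\x01" + seed)
    V = mac(K, V)
    while True:
        T = b""
        while len(T) * 8 < QLEN:
            V = mac(K, V)
            T += V
        k = _bits2int(T)
        if 1 <= k < P521_N:
            return k
        K = mac(K, V + b"\x00")
        V = mac(K, V)


def top_bits_clear_fraction(nonce_fn, priv: int, count: int) -> float:
    """Fraction of `count` nonces whose top 9 bits (512..520) are all zero."""
    clear = 0
    for i in range(count):
        # Constructed stand-in for the hash of the SSH data being signed.
        msg_hash = hashlib.sha512(b"constructed message %d" % i).digest()
        if nonce_fn(priv, msg_hash) >> 512 == 0:
            clear += 1
    return clear / count


def leaked_bits_per_signature() -> int:
    """Nonce bits an attacker knows for free per pre-0.81 signature."""
    return QLEN - 512  # 9


def signatures_to_exceed_key_length() -> int:
    """Smallest number of signatures whose leaked bits sum past the 521-bit
    key: a back-of-envelope figure, not the lattice attack's exact threshold
    (the advisories quote roughly 60)."""
    return -(-QLEN // leaked_bits_per_signature())  # ceil(521 / 9) = 58


if __name__ == "__main__":
    priv = secrets.randbelow(P521_N - 1) + 1
    print("pre-0.81 nonces with top 9 bits clear:",
          top_bits_clear_fraction(nonce_pre_081, priv, 200))
    print("RFC 6979 nonces with top 9 bits clear:",
          top_bits_clear_fraction(nonce_rfc6979, priv, 200))
    print("bits leaked per signature:", leaked_bits_per_signature())
    print("signatures to exceed key length:", signatures_to_exceed_key_length())
```

Run it and the old scheme reports 1.0 (every nonce has its top 9 bits clear), while the RFC 6979 nonces come out around 0.002, which is the 1-in-512 you would expect from an unbiased 521-bit value. The point of the fix is not that the nonce became random rather than deterministic; it is that the deterministic value now covers the whole group.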
Sources and further reading:
https://www.bleepingcomputer.com/news/security/putty-ssh-client-flaw-allows-recovery-of-cryptographic-private-keys/
https://www.tenable.com/plugins/nessus/193433
https://nvd.nist.gov/vuln/detail/CVE-2024-31497