PuTTY has issued a warning regarding CVE-2024-31497, a vulnerability discovered by researchers at Ruhr University Bochum. It stems from a flaw in how PuTTY generates the nonce values used when signing messages: an attacker who obtains enough signed messages, typically around 60, can potentially recover the private key.
The flaw dates from before Windows offered a secure random number generator, which forced PuTTY to derive nonces itself. PuTTY hashes the message with SHA-512 and reduces the result mod q, a scheme sized for a 160-bit group order. With NIST P-521, however, q is 521 bits, wider than the 512-bit hash output, so the top 9 bits of every nonce are always 0, which weakens the nonce significantly. This opens the door for attackers to recover private keys from only about 60 signed messages, such as the signatures in the initial SSH connection packets.
PuTTY version 0.81 has switched to the RFC 6979 standard for nonce generation. Users who signed with keys under earlier versions are at risk of key compromise. This vulnerability does not affect users of EdDSA or Ed25519 keys. The affected versions range from 0.68 (released in 2017) to 0.80.
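To make the bias concrete, here is an added Python example; it is my own illustration, not PuTTY's code. It models the old SHA-512-then-mod-q derivation, shows that for P-521 the top 9 bits of every nonce come out zero, and contrasts that with an RFC 6979 (HMAC-SHA-512) nonce derived for the same inputs. It also generalises the argument: the number of forced-zero bits is the bit length of q minus 512, which is why 256- and 384-bit group orders do not suffer this particular flaw. The byte layout hashed in putty_style_nonce, the 160-bit modulus Q160, the demo private key and the constructed messages are assumptions for illustration; key_is_affected encodes only what the advisory states (P-521 keys, versions 0.68 to 0.80).

```python
import hashlib
import hmac

# Group order n of NIST P-521 (a public curve parameter). Only its bit
# length, 521, matters for the argument below.
P521_ORDER = int(
    "01FF" "FFFFFFFF" "FFFFFFFF" "FFFFFFFF" "FFFFFFFF"
    "FFFFFFFF" "FFFFFFFF" "FFFFFFFF" "FFFFFFFA"
    "51868783" "BF2F966B" "7FCC0148" "F709A5D0"
    "3BB5C9B8" "899C47AE" "BB6FB71E" "91386409", 16)

# Constructed 160-bit odd modulus standing in for a DSA-size group order;
# primality is irrelevant here, only the size is.
Q160 = (1 << 160) - 47

# Constructed demo private key (fits below both moduli above).
DEMO_PRIV = 0x0C0FFEE15B4D5EEDFACE0FDEADBEEF


def putty_style_nonce(priv: int, msg: bytes, q: int) -> int:
    # Model of the pre-0.81 scheme: SHA-512 over secret key material and the
    # message, reduced mod q. The byte layout hashed here is an assumption.
    digest = hashlib.sha512(priv.to_bytes(66, "big") + msg).digest()
    return int.from_bytes(digest, "big") % q


def fixed_zero_bits(q: int) -> int:
    # If q is wider than the 512-bit hash, "mod q" changes nothing and the
    # top (bit_length(q) - 512) bits of every nonce are forced to zero.
    return max(0, q.bit_length() - 512)


def top_bits_zero(k: int, qbits: int, nbits: int = 9) -> bool:
    # True if the top nbits of k, viewed as a qbits-wide value, are all zero.
    return (k >> (qbits - nbits)) == 0


def count_top9_zero(nonce_fn, priv: int, q: int, n_msgs: int = 200) -> int:
    # Derive one nonce per constructed message and count how many have their
    # top 9 bits clear. Unbiased nonces do so only about 1 time in 512.
    qbits = q.bit_length()
    return sum(top_bits_zero(nonce_fn(priv, b"constructed message %d" % i, q), qbits)
               for i in range(n_msgs))


def rfc6979_nonce(priv: int, msg: bytes, q: int, hashfn=hashlib.sha512) -> int:
    # Deterministic nonce per RFC 6979 section 3.2 (the scheme PuTTY 0.81 adopted).
    qlen = q.bit_length()
    rlen = (qlen + 7) // 8
    hlen = hashfn().digest_size

    def bits2int(b: bytes) -> int:
        v = int.from_bytes(b, "big")
        excess = len(b) * 8 - qlen
        return v >> excess if excess > 0 else v

    def int2octets(x: int) -> bytes:
        return x.to_bytes(rlen, "big")

    def bits2octets(b: bytes) -> bytes:
        z = bits2int(b)
        return int2octets(z - q if z >= q else z)

    h1 = hashfn(msg).digest()
    V = b"\x01" * hlen
    K = b"\x00" * hlen
    K = hmac.new(K, V + b"\x00" + int2octets(priv) + bits2octets(h1), hashfn).digest()
    V = hmac.new(K, V, hashfn).digest()
    K = hmac.new(K, V + b"\x01" + int2octets(priv) + bits2octets(h1), hashfn).digest()
    V = hmac.new(K, V, hashfn).digest()
    while True:
        T = b""
        while len(T) * 8 < qlen:  # collect enough HMAC output to cover qlen bits
            V = hmac.new(K, V, hashfn).digest()
            T += V
        k = bits2int(T)
        if 1 <= k < q:
            return k
        K = hmac.new(K, V + b"\x00", hashfn).digest()  # retry path, rarely taken
        V = hmac.new(K, V, hashfn).digest()


def key_is_affected(key_type: str, putty_version: tuple) -> bool:
    # Per the advisory: only P-521 ECDSA keys used with PuTTY 0.68 through 0.80.
    return key_type == "ecdsa-sha2-nistp521" and (0, 68) <= putty_version <= (0, 80)


if __name__ == "__main__":
    print("forced zero bits, P-521:", fixed_zero_bits(P521_ORDER))
    print("forced zero bits, 160-bit q:", fixed_zero_bits(Q160))
    print("old scheme, P-521, top-9-zero count:", count_top9_zero(putty_style_nonce, DEMO_PRIV, P521_ORDER))
    print("old scheme, 160-bit q, top-9-zero count:", count_top9_zero(putty_style_nonce, DEMO_PRIV, Q160))
    print("RFC 6979, P-521, top-9-zero count:", count_top9_zero(rfc6979_nonce, DEMO_PRIV, P521_ORDER))
```

With the old scheme and P-521, every one of the 200 nonces has its top 9 bits clear, while the 160-bit case and the RFC 6979 derivation show the expected roughly 1-in-512 rate. The same bit-length check can be run against any group order to see whether the hash-then-reduce pattern would bias it.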
Source: PuTTY
TLDR: PuTTY notifies users of the CVE-2024-31497 vulnerability related to nonce value generation, posing a risk of key exposure for users of affected versions prior to 0.81.