CVE-2024-31497
PuTTY ECDSA Key Revelation Vulnerability
Description
In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant. The required set of signed messages may be publicly readable because they are stored in a public Git service that supports use of SSH for commit signing, and the signatures were made by Pageant through an agent-forwarding mechanism. In other words, an adversary may already have enough signature information to compromise a victim's private key, even if there is no further use of vulnerable PuTTY versions. After a key compromise, an adversary may be able to conduct supply-chain attacks on software maintained in Git. A second, independent scenario is that the adversary is an operator of an SSH server to which the victim authenticates (for remote login or file copy), even though this server is not fully trusted by the victim, and the victim uses the same private key for SSH connections to other services operated by other entities. Here, the rogue server operator (who would otherwise have no way to determine the victim's private key) can derive the victim's private key, and then use it for unauthorized access to those other services. If the other services include Git services, then again it may be possible to conduct supply-chain attacks on software maintained in Git. This also affects, for example, FileZilla before 3.67.0, WinSCP before 6.3.3, TortoiseGit before 2.15.0.1, and TortoiseSVN through 1.14.6.
INFO
Published Date :
April 15, 2024, 8:15 p.m.
Last Modified :
June 20, 2024, 7:15 p.m.
Source :
[email protected]
Remotely Exploitable :
Yes
Impact Score :
3.6
Exploitability Score :
2.2
Public PoC/Exploit Available at GitHub
CVE-2024-31497 has 8 public PoCs/exploits available on GitHub; they are listed under Public Exploits below.
Affected Products
The following products are affected by the CVE-2024-31497 vulnerability. Although cvefeed.io knows the exact affected versions of these products, that information is not represented in the table below.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2024-31497.
We scan GitHub repositories to detect new proof-of-concept exploits. The following list is a collection of public exploits and proofs of concept that have been published on GitHub (sorted by most recently updated).
- Proof Of Concept that exploits PuTTy CVE-2024-31497. (topics: cve, ecdsa, exploit, poc, vulnerability, cve-2024-31497, putty; language: Python)
- No description (language: Python)
- No description
- No description (languages: Dockerfile, Makefile, Go, C)
- A script designed to uncover vulnerabilities in Putty by exploiting CVE-2024-31497.
- CVE-2024-31497 PuTTY Biased ECDSA Nonce Generation Exploit
- Breaking ECDSA (not so broken) with LLL (topics: ecdsa, lll, lattice-reduction, cryptography, trailofbits, cve-2024-31497; language: Python)
- 📡 PoC auto collect from GitHub. ⚠️ Be careful Malware. (topics: security, cve, exploit, poc, vulnerability)
Results are limited to the first 15 repositories due to potential performance issues.
The following list contains news articles that mention the CVE-2024-31497 vulnerability anywhere in the article.
- Cybersecurity News: ECDSA Vulnerability in YubiKey: What You Need to Know
In a recent security advisory, Yubico disclosed a moderate vulnerability (CVE-2024-45678) affecting several of its hardware security devices, including the widely-used YubiKey 5 ...
- New Jetpack Site: Critical vulnerability in PuTTY
04/16/2024 Proto: N240416 CERT-Yoroi reports that a critical vulnerability in PuTTY has been disclosed that allows malicious users to compromise the private key used for authenti ...
The following table lists the changes that have been made to the CVE-2024-31497 vulnerability over time. Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
- CVE Modified by [email protected] (Jun. 20, 2024)
  - Added Reference (MITRE): https://lists.debian.org/debian-lts-announce/2024/06/msg00014.html [No types assigned]
- CVE Modified by [email protected] (May. 14, 2024)
  - (no field changes listed)
- Initial Analysis by [email protected] (May. 10, 2024)
  - Added CVSS V3.1 (NIST): AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
  - Changed Reference Type: http://www.openwall.com/lists/oss-security/2024/04/15/6 (No Types Assigned -> Mailing List, Third Party Advisory)
  - Changed Reference Type: https://bugzilla.redhat.com/show_bug.cgi?id=2275183 (No Types Assigned -> Issue Tracking)
  - Changed Reference Type: https://bugzilla.suse.com/show_bug.cgi?id=1222864 (No Types Assigned -> Issue Tracking)
  - Changed Reference Type: https://docs.ccv.brown.edu/oscar/connecting-to-oscar/ssh/ssh-agent-forwarding/key-generation-and-agent-forwarding-with-putty (No Types Assigned -> Product)
  - Changed Reference Type: https://filezilla-project.org/versions.php (No Types Assigned -> Release Notes)
  - Changed Reference Type: https://git.tartarus.org/?h=c193fe9848f50a88a4089aac647fecc31ae96d27&p=simon/putty.git (No Types Assigned -> Mailing List, Patch)
  - Changed Reference Type: https://github.com/advisories/GHSA-6p4c-r453-8743 (No Types Assigned -> Third Party Advisory)
  - Changed Reference Type: https://github.com/daedalus/BreakingECDSAwithLLL (No Types Assigned -> Third Party Advisory)
  - Changed Reference Type: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZS3B37GNGWOOV7QU7B7JFK76U4TOP4V/ (No Types Assigned -> Mailing List, Third Party Advisory)
  - Changed Reference Type: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MMHILY2K7HQGQRHOC375KRRG2M6625RD/ (No Types Assigned -> Mailing List, Third Party Advisory)
  - Changed Reference Type: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PUOTQVGC4DISVHQGSPUYGXO6TLDK65LA/ (No Types Assigned -> Mailing List, Third Party Advisory)
  - Changed Reference Type: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WFDZBV7ZCAZ6AH3VCQ34SSY7L3J7VZXZ/ (No Types Assigned -> Mailing List, Third Party Advisory)
  - Changed Reference Type: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WMJH7M663BVO3SY6MFAW2FAZWLLXAPRQ/ (No Types Assigned -> Mailing List, Third Party Advisory)
  - Changed Reference Type: https://news.ycombinator.com/item?id=40044665 (No Types Assigned -> Issue Tracking)
  - Changed Reference Type: https://securityonline.info/cve-2024-31497-critical-putty-vulnerability-exposes-private-keys-immediate-action-required/ (No Types Assigned -> Press/Media Coverage)
  - Changed Reference Type: https://security-tracker.debian.org/tracker/CVE-2024-31497 (No Types Assigned -> Third Party Advisory)
  - Changed Reference Type: https://tartarus.org/~simon/putty-snapshots/htmldoc/Chapter9.html#pageant-forward (No Types Assigned -> Product)
  - Changed Reference Type: https://tortoisegit.org (No Types Assigned -> Third Party Advisory)
  - Changed Reference Type: https://twitter.com/CCBalert/status/1780229237569470549 (No Types Assigned -> Press/Media Coverage)
  - Changed Reference Type: https://twitter.com/lambdafu/status/1779969509522133272 (No Types Assigned -> Press/Media Coverage)
  - Changed Reference Type: https://winscp.net/eng/news.php (No Types Assigned -> Third Party Advisory)
  - Changed Reference Type: https://www.bleepingcomputer.com/news/security/putty-ssh-client-flaw-allows-recovery-of-cryptographic-private-keys/ (No Types Assigned -> Press/Media Coverage)
  - Changed Reference Type: https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html (No Types Assigned -> Release Notes, Vendor Advisory)
  - Changed Reference Type: https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html (No Types Assigned -> Vendor Advisory)
  - Changed Reference Type: https://www.openwall.com/lists/oss-security/2024/04/15/6 (No Types Assigned -> Mailing List, Third Party Advisory)
  - Changed Reference Type: https://www.reddit.com/r/sysadmin/comments/1c4wmoj/putty_vulnerability_affecting_v068_to_v08/ (No Types Assigned -> Press/Media Coverage)
  - Added CWE (NIST): CWE-338
  - Added CPE Configuration: OR *cpe:2.3:a:putty:putty:*:*:*:*:*:*:*:* versions from (including) 0.68 up to (excluding) 0.81
  - Added CPE Configuration: OR *cpe:2.3:a:filezilla-project:filezilla_client:*:*:*:*:*:*:*:* versions up to (excluding) 3.67.0
  - Added CPE Configuration: OR *cpe:2.3:a:winscp:winscp:*:*:*:*:*:*:*:* versions up to (excluding) 6.3.3
  - Added CPE Configuration: OR *cpe:2.3:a:tortoisegit:tortoisegit:*:*:*:*:*:*:*:* versions up to (excluding) 2.15.0.1
  - Added CPE Configuration: OR *cpe:2.3:a:tigris:tortoisesvn:*:*:*:*:*:*:*:* versions up to (excluding) 1.14.6
  - Added CPE Configuration: OR *cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* *cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* *cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*
- CVE Modified by [email protected] (May. 01, 2024)
  - Added Reference (MITRE): http://www.openwall.com/lists/oss-security/2024/04/15/6 [No types assigned]
- CVE Modified by [email protected] (Apr. 26, 2024)
  - Added Reference (MITRE): https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WFDZBV7ZCAZ6AH3VCQ34SSY7L3J7VZXZ/ [No types assigned]
  - Added Reference (MITRE): https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PUOTQVGC4DISVHQGSPUYGXO6TLDK65LA/ [No types assigned]
- CVE Modified by [email protected] (Apr. 25, 2024)
  - Added Reference (MITRE): https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZS3B37GNGWOOV7QU7B7JFK76U4TOP4V/ [No types assigned]
- CVE Modified by [email protected] (Apr. 23, 2024)
  - Added Reference (MITRE): https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MMHILY2K7HQGQRHOC375KRRG2M6625RD/ [No types assigned]
- CVE Modified by [email protected] (Apr. 18, 2024)
  - Added Reference (MITRE): https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WMJH7M663BVO3SY6MFAW2FAZWLLXAPRQ/ [No types assigned]
- CVE Modified by [email protected] (Apr. 16, 2024)
  - Added Reference (MITRE): https://github.com/daedalus/BreakingECDSAwithLLL [No types assigned]
  - Added Reference (MITRE): https://www.bleepingcomputer.com/news/security/putty-ssh-client-flaw-allows-recovery-of-cryptographic-private-keys/ [No types assigned]
  - Added Reference (MITRE): https://twitter.com/CCBalert/status/1780229237569470549 [No types assigned]
  - Added Reference (MITRE): https://securityonline.info/cve-2024-31497-critical-putty-vulnerability-exposes-private-keys-immediate-action-required/ [No types assigned]
- CVE Modified by [email protected] (Apr. 15, 2024)
  - Added Reference (MITRE): https://www.reddit.com/r/sysadmin/comments/1c4wmoj/putty_vulnerability_affecting_v068_to_v08/ [No types assigned]
- CVE Modified by [email protected] (Apr. 15, 2024)
  - Changed Description
    - Old Value: In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant. One scenario is that the adversary is an operator of an SSH server to which the victim authenticates (for remote login or file copy), even though this server is not fully trusted by the victim, and the victim uses the same private key for SSH connections to other services operated by other entities. Here, the rogue server operator (who would otherwise have no way to determine the victim's private key) can derive the victim's private key, and then use it for unauthorized access to those other services. Because SSH is sometimes used to authenticate to Git services, it is possible that this vulnerability could be leveraged for supply-chain attacks on software maintained in Git. It is also conceivable that signed messages from PuTTY or Pageant are readable by adversaries more easily in other scenarios, but none have yet been disclosed.
    - New Value: In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant. The required set of signed messages may be publicly readable because they are stored in a public Git service that supports use of SSH for commit signing, and the signatures were made by Pageant through an agent-forwarding mechanism. In other words, an adversary may already have enough signature information to compromise a victim's private key, even if there is no further use of vulnerable PuTTY versions. After a key compromise, an adversary may be able to conduct supply-chain attacks on software maintained in Git. A second, independent scenario is that the adversary is an operator of an SSH server to which the victim authenticates (for remote login or file copy), even though this server is not fully trusted by the victim, and the victim uses the same private key for SSH connections to other services operated by other entities. Here, the rogue server operator (who would otherwise have no way to determine the victim's private key) can derive the victim's private key, and then use it for unauthorized access to those other services. If the other services include Git services, then again it may be possible to conduct supply-chain attacks on software maintained in Git. This also affects, for example, FileZilla before 3.67.0, WinSCP before 6.3.3, TortoiseGit before 2.15.0.1, and TortoiseSVN through 1.14.6.
  - Added Reference (MITRE): https://filezilla-project.org/versions.php [No types assigned]
  - Added Reference (MITRE): https://tartarus.org/~simon/putty-snapshots/htmldoc/Chapter9.html#pageant-forward [No types assigned]
  - Added Reference (MITRE): https://docs.ccv.brown.edu/oscar/connecting-to-oscar/ssh/ssh-agent-forwarding/key-generation-and-agent-forwarding-with-putty [No types assigned]
  - Added Reference (MITRE): https://news.ycombinator.com/item?id=40044665 [No types assigned]
  - Added Reference (MITRE): https://winscp.net/eng/news.php [No types assigned]
  - Added Reference (MITRE): https://tortoisegit.org [No types assigned]
  - Added Reference (MITRE): https://github.com/advisories/GHSA-6p4c-r453-8743 [No types assigned]
  - Added Reference (MITRE): https://bugzilla.redhat.com/show_bug.cgi?id=2275183 [No types assigned]
  - Added Reference (MITRE): https://bugzilla.suse.com/show_bug.cgi?id=1222864 [No types assigned]
  - Added Reference (MITRE): https://security-tracker.debian.org/tracker/CVE-2024-31497 [No types assigned]
  - Added Reference (MITRE): https://twitter.com/lambdafu/status/1779969509522133272 [No types assigned]
  - Added Reference (MITRE): https://git.tartarus.org/?h=c193fe9848f50a88a4089aac647fecc31ae96d27&p=simon/putty.git [No types assigned]
- CVE Modified by [email protected] (Apr. 15, 2024)
  - Added Reference (MITRE): https://www.openwall.com/lists/oss-security/2024/04/15/6 [No types assigned]
- CVE Received by [email protected] (Apr. 15, 2024)
  - Added Description: In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant. One scenario is that the adversary is an operator of an SSH server to which the victim authenticates (for remote login or file copy), even though this server is not fully trusted by the victim, and the victim uses the same private key for SSH connections to other services operated by other entities. Here, the rogue server operator (who would otherwise have no way to determine the victim's private key) can derive the victim's private key, and then use it for unauthorized access to those other services. Because SSH is sometimes used to authenticate to Git services, it is possible that this vulnerability could be leveraged for supply-chain attacks on software maintained in Git. It is also conceivable that signed messages from PuTTY or Pageant are readable by adversaries more easily in other scenarios, but none have yet been disclosed.
  - Added Reference (MITRE): https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html [No types assigned]
  - Added Reference (MITRE): https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html [No types assigned]
CWE - Common Weakness Enumeration
While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-31497 is associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2024-31497 weaknesses.