Sleep Reveals the Nonce: Breaking ECDSA Using Sleep-Based Power Side-Channel Vulnerability

Security of Elliptic Curve Digital Signature Algorithm ECDSA depends on the secrecy of the per-signature nonce. Even partial nonce leakage can expose the long-term private key through lattice-based cryptanalysis. In this paper, we introduce a previously unexplored power side-channel vulnerability...

TencentOS Server 4: putty (TSSA-2025:0180)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0180 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

Azure Linux 3.0 Security Update: mariadb (CVE-2024-1544)

The version of mariadb installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-1544 advisory. - Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a modular...

DEBIAN-CVE-2024-1544

Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a modular reduction mod n where n is the order of the elliptic curve. Meaning k = r mod n. The division used during the reduction estimates a factor qe by dividing the upper two digits a digit having e....

UBUNTU-CVE-2024-1544

Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a modular reduction mod n where n is the order of the elliptic curve. Meaning k = r mod n. The division used during the reduction estimates a factor qe by dividing the upper two digits a digit having e....

WinSCP < 6.3.3 Key Recovery Attack Vulnerability

The version of WinSCP installed on the remote Windows host is prior to 6.3.3. It is, therefore, affected by a key recovery attack vulnerability. In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in...

[SECURITY] [DLA 3839-1] putty security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3839-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès June 20, 2024 https://wiki.debian.org/LTS -...

Fedora 40 : filezilla / libfilezilla (2024-ff9a2fb31c)

The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-ff9a2fb31c advisory. Fix for CVE-2024-31497 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...

Fedora 38 : filezilla / libfilezilla (2024-0489e7ba1e)

The remote Fedora 38 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-0489e7ba1e advisory. Fix for CVE-2024-31497 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...

Fedora 38 : putty (2024-08a4a5ead8)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-08a4a5ead8 advisory. Security fix for CVE-2024-31497. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

openSUSE 15 Security Update : putty (openSUSE-SU-2024:0111-1)

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2024:0111-1 advisory. - In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack i...

Updated putty & filezilla packages fix security vulnerability

The PuTTY client and all related components generate heavily biased ECDSA nonces in the case of NIST P-521. To be more precise, the first 9 bits of each ECDSA nonce are zero. This allows for full secret key recovery in roughly 60 signatures by using state-of-the-art techniques. These signatures c...

MGASA-2024-0140 Updated putty & filezilla packages fix security vulnerability

The PuTTY client and all related components generate heavily biased ECDSA nonces in the case of NIST P-521. To be more precise, the first 9 bits of each ECDSA nonce are zero. This allows for full secret key recovery in roughly 60 signatures by using state-of-the-art techniques. These signatures c...

Fedora 39 : filezilla / libfilezilla (2024-8401d42de6)

The remote Fedora 39 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-8401d42de6 advisory. Fix for CVE-2024-31497 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...

SUSE CVE-2024-31497

In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant...

DEBIAN-CVE-2024-31497

In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant...

CVE-2024-31497

In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant...

CVE-2024-31497

In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant...

PT-2023-9405

Name of the Vulnerable Software and Affected Versions WolfSSL affected versions not specified Description The issue is related to the generation of the ECDSA nonce k, where a random number r is selected and then reduced modulo n, the order of the elliptic curve. The division used during the...

Medium: nspr, nss-softokn, nss-util, nss

Issue Overview: When importing a curve25519 private key in PKCS8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services NSS library. This could lead to information disclosure. This vulnerability affects Firefox ESR 60.8, Firefox 68, and...