Veracode Vulnerability Database, VERACODE:46486 (Apr 17, 2024, 12:02 p.m.)

Biased ECDSA Nonce Generation

2024-04-17 12:02:23
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
Tags: putty, ecdsa, vulnerability, nist, p-521, attacker, signatures, pageant, ssh, git, filezilla, winscp, tortoisegit, tortoisesvn

CVSS3: 5.9 Medium
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score: 5.7 Medium (Confidence: Low)

EPSS: 0.002 Low (Percentile: 53.6%)

PuTTY is vulnerable to biased ECDSA nonce generation. When signing with a NIST P-521 key, affected versions (0.68 through 0.80) derived the per-signature nonce deterministically from a 512-bit hash and reduced it modulo the 521-bit curve order; because the hash output is always smaller than the order, the top 9 bits of every nonce are zero. That bias lets an attacker who obtains roughly 60 signatures made with the key recover the user's P-521 secret key with a fast lattice attack. This is particularly significant wherever an adversary can read messages signed by PuTTY or Pageant: the required signatures may already be publicly readable, for example SSH commit signatures pushed to a public Git service, or signatures that Pageant produced through agent forwarding to a compromised server. In such scenarios an adversary may already hold enough signature material to compromise the victim's private key. Other software that embeds PuTTY's code, including FileZilla, WinSCP, TortoiseGit, and TortoiseSVN, is affected in the same way. Only ecdsa-sha2-nistp521 keys are affected; other key types are not. Upgrading to PuTTY 0.81 (or to builds of the listed tools that include the fix) stops further biased signatures, but any P-521 key ever used with an affected version should be treated as compromised and replaced, because the signatures already exposed cannot be recalled.
