Flaw in PuTTY P-521 ECDSA signature generation leaks SSH private keys

CVE-2024-31497 is a vulnerability in PuTTY, a popular Windows SSH client, relating to a flaw in its P-521 ECDSA implementation. This vulnerability is known to affect versions 0.68 through 0.80, which span the last 7 years. This potentially affects anyone who has used a P-521 ECDSA SSH key with an affected version, regardless of whether the ECDSA key was generated by PuTTY or another application. Other applications that utilise PuTTY for SSH or other purposes, such as FileZilla, are also …

client cve cve-2024 ecdsa flaw forensics implementation key keys leaks popular private private keys putty signature span ssh ssh key vulnerability windows