PuTTY vulnerability can be exploited to recover private keys (CVE-2024-31497)

A vulnerability (CVE-2024-31497) in PuTTY, a popular SSH and Telnet client, could allow attackers to recover NIST P-521 client keys due to the “heavily biased” ECDSA nonces (random values used once), researchers have discovered. “To be more precise, the first 9 bits of each ECDSA nonce are zero. This allows for full secret key recovery in roughly 60 signatures by using state-of-the-art techniques,” Fabian Bäumer shared on the oss-sec mailing list. According to PuTTY maintainers, … More →

The post …

attackers bits can client cve cve-2024 don't miss ecdsa exploited hot stuff keys nist nonce popular private private keys public-key cryptography putty random recover researchers ssh telnet vulnerability