CVE-2024-31497: PuTTY: Secret Key Recovery of NIST P-521 Private Keys Through Biased ECDSA Nonces openwall.com/lists/oss-secu…
Affected Products
- PuTTY 0.68 - 0.80
- FileZilla 3.24.1 - 3.66.5
- WinSCP 5.9.5 - 6.3.2
- TortoiseGit 2.4.0.2 - 2.15.0
- TortoiseSVN 1.10.0 - 1.14.6

PuTTY 0.80 and below is vulnerable to a biased nonce attack, which allows for full secret key recovery in the case of NIST P-521. This vulnerability also affects FileZilla, WinSCP, TortoiseGit, and TortoiseSVN (and every product using a vulnerable PuTTY version).

Video for the talk on the Terrapin Attack at Real World Crypto 2024 is now online! Featuring Fabian Bäumer youtube.com/watch?v=YoNOEp…

(THREAD) Martin R. Albrecht and I have written a retrospective on “Crypto in the Wild”. This is about some of our work over the last 20 years or so, in which we look “out there” into the wild to see how cryptography is used in deployed systems. Link:
eprint.iacr.org/2024/532 (1/6)

I'll be giving a talk about our latest finding, the Terrapin Attack, at Real World Crypto next week. Make sure to get up early on Tuesday if you happen to be there 😜 I'm looking forward to meeting you all, crypto folks!🤗

Congratulations to Fabian Bäumer and Marcus Brinkmann! The Terrapin paper just got accepted for USENIX Security 2024!

Don't fret my fellow network engineers, it is not as bad as it might sound. There are certain requirements that make this attack a rather complicated one when Networks are concerned.

Nevertheless, I posted my thoughts about it here learn.srlinux.dev/blog/2024/ssh-… as well as the testing

We started to receive questions from customers regarding this CVE and on the surface, it sounded quite scary.
Patches done to almost every SSH server out there, but no mention of Network OSes.
So I decided to help researchers Fabian Bäumer Marcus Brinkmann and Jörg Schwenk by assessing

Mathias Payer In short, that SSH implementations handled sequence numbers in a particular, natural way in the BPP. I think once implementations are fixed to do the right thing (TM) the proofs should be useful once more.

No worries, it's me answering a few questions on Ars Technica regarding our new Terrapin attack targeting SSH 🙂 If you haven't already, check terrapin-attack.com as well as the article by @[email protected] -- Follow me there arstechnica.com/security/2023/…

The researchers Jörg Schwenk Fabian Bäumer and Marcus Brinkmann found critical vulnerabilities in #SSH which allows a MitM attacker to drop certain messages from the secured connection. Learn more ➡️ casa.rub.de/en/news/casa/n… #cybersecurity

Heads up: Bug in the SSH specification which allows a MitM attacker to drop certain messages from the secured connection. Update ssh when the upgrade is available for your Linux or Unix machines.

This is incredibly good work and a great find! For users: You should update your SSH packages when they are available but don't risk your availability by being 'drop everything' hasty. Thanks to defense in depth in the protocol this isn't as serious as prior issues in TLS/SSL.

Amazing work! New technique - must read for everyone who is into protocols!