A vulnerability (CVE-2024-31497) in PuTTY, a popular SSH and Telnet client, could allow attackers to recover NIST P-521 client keys due to “heavily biased” ECDSA nonces (random values used once), researchers have discovered. “To be more precise, the first 9 bits of each ECDSA nonce are zero. This allows for full secret key recovery in roughly 60 signatures by using state-of-the-art techniques,” Fabian Bäumer shared on the oss-sec mailing list. According to PuTTY maintainers, …

The post PuTTY vulnerability can be exploited to recover private keys (CVE-2024-31497) appeared first on Help Net Security.