
Debian LTS DLA-3839-1 Critical: PuTTY ECDSA Key Compromise Risk

June 20, 2024
Biased ECDSA nonce generation allowed an attacker to recover a user's NIST P-521 secret key via a quick attack using approximately 60 signatures.

Summary

This allowed an attacker to (for instance) log in to any servers
the victim uses that key for.

To obtain these signatures, an attacker need only briefly compromise
any server the victim uses the key to authenticate to.

Therefore, if you have any NIST P-521 ECDSA key, we strongly recommend
that you replace it with a new key freshly generated with a fixed version
of PuTTY. Then revoke the old public key and remove it from every
machine you use it to log in to, so that a signature
from the compromised key no longer has any value.

The only affected key type is 521-bit ECDSA. That is, a key that appears
in Windows PuTTYgen with ecdsa-sha2-nistp521 at the start of the
'Key fingerprint' box, or is described as 'NIST p521', or has an id
starting ecdsa-sha2-nistp521 in the SSH protocol or the key file.
Other sizes of ECDSA, and other key algorithms, are unaffected.
In particular, Ed25519 is not affected.
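
To help with the removal step, the following added example (not part of the advisory, and not PuTTY or Debian code) scans the text of an `authorized_keys` file or a PuTTY `.ppk` file for entries of the affected type. The function names and the sample data are constructed for illustration; the check identifies the key type only, so the key owner still decides which flagged keys were used with a vulnerable PuTTY.

```python
import base64
import struct

AFFECTED = "ecdsa-sha2-nistp521"  # key id named in the advisory

def blob_key_type(b64):
    """Return the algorithm name stored inside an SSH public key blob, or None."""
    try:
        raw = base64.b64decode(b64, validate=True)
        (n,) = struct.unpack(">I", raw[:4])      # SSH string: 4-byte length + bytes
        name = raw[4:4 + n]
        return name.decode("ascii") if len(name) == n else None
    except (ValueError, struct.error):            # bad base64, short blob, non-ASCII
        return None

def find_affected(text):
    """Return [(line_no, label)] for entries whose key type is the affected one."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # PuTTY private key header: "PuTTY-User-Key-File-N: <algorithm>"
        if line.startswith("PuTTY-User-Key-File-"):
            if line.split(":", 1)[-1].strip() == AFFECTED:
                hits.append((no, "ppk private key"))
            continue
        fields = line.split()
        # authorized_keys options may precede the key type, so locate the type
        # token and confirm it against the type encoded in the blob after it.
        for i, tok in enumerate(fields[:-1]):
            if tok == AFFECTED and blob_key_type(fields[i + 1]) == AFFECTED:
                hits.append((no, " ".join(fields[i + 2:]) or "(no comment)"))
                break
    return hits

def _fake_blob(name):
    # Constructed sample: correct type prefix, dummy payload, not a real key.
    return base64.b64encode(struct.pack(">I", len(name)) + name.encode() + b"\0" * 8).decode()

P521, P256, ED = (_fake_blob(n) for n in (AFFECTED, "ecdsa-sha2-nistp256", "ssh-ed25519"))
SAMPLE = "\n".join([                              # constructed input
    "# constructed authorized_keys sample",
    "ssh-ed25519 " + ED + " alice@laptop",
    "ecdsa-sha2-nistp521 " + P521 + " alice@putty",
    'command="echo ecdsa-sha2-nistp521 x" ecdsa-sha2-nistp256 ' + P256 + " bob",
    "no-pty ecdsa-sha2-nistp521 " + P521 + " carol@win",
    "PuTTY-User-Key-File-3: ecdsa-sha2-nistp521",
])

if __name__ == "__main__":
    for line_no, label in find_affected(SAMPLE):
        print(f"line {line_no}: {AFFECTED} ({label})")
```
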

For Debian 10 buster, this problem has been fixed in version
0.74-1+deb11u1~deb10u2.

Severity: Critical

Package: putty
Version: 0.74-1+deb11u1~deb10u2
CVE ID: CVE-2024-31497
