PuTTY vulnerability allows attackers to uncover private keys
A vulnerability in PuTTY versions 0.68 through 0.80 allows attackers to recover a user’s private key using at least 60 digital signatures that use the Elliptic Curve Digital Signature Algorithm (ECDSA).
Researchers from Ruhr University Bochum, Fabian Bäumer and Marcus Brinkmann, first discovered the vulnerability, which is tracked as CVE-2024-31497.
PuTTY is an open-source terminal emulator, serial console, and network file transfer application for Windows.
It lets users remotely access and manage servers and other networked devices.
The terminal uses network protocols such as SSH to establish an encrypted connection.
The researchers found that PuTTY generates biased ECDSA nonces because Windows lacks a robust cryptographic random generator.
“Bias” in this context means the cryptographic nonces are not random enough to prevent a cryptanalyst from reverse engineering private keys from publicly available digital signatures.
As a result, attackers can recover a user’s full private key if they’ve seen around 60 of their ECDSA digital signatures.
These signatures are not considered private data and may be readily found online, including in commits made to git version control repositories.
Digital signatures are created by signing a hash digest (also called a hash code) of specific data, such as the contents of an email or code committed to a git repository.
Hashes are numeric values that are long enough (usually between 160 and 512 bits) to be considered a unique representation of a piece of data.
Crucially, hashes are non-reversible — you can’t reverse the hashing algorithm to regain the original data.
You essentially sign a hash by “encrypting” it using your private key. Others can then “decrypt” it using your public key.
Someone can then compute the hash of a message or piece of code and compare it to the decrypted hash attached to it.
This allows them to verify who wrote it and that it wasn’t manipulated in any way — provided the sender’s private key has remained secure.
Thus, gaining access to a user’s private key can be extremely valuable to attackers.
Once attackers have a user’s private key, they can digitally sign anything as that person, decrypt data that was encrypted using their public key, or potentially intercept Internet traffic secured using their private key.
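As an added defensive check (not from the article or from the PuTTY project), the script below inventories the ECDSA keys an OpenSSH server trusts in its authorized_keys file, the starting point for deciding which keys that were used with an affected PuTTY build need to be replaced; it reads the SSH public-key wire format to confirm the key type and curve instead of trusting the text field alone. The sample file and its key bytes are constructed, and the OpenSSH-style SHA256 fingerprint is computed so entries can be matched against ssh-keygen -l output.

```python
import base64
import hashlib
import struct

def _ssh_string(data: bytes) -> bytes:
    """Encode one SSH wire-format string: uint32 big-endian length + bytes."""
    return struct.pack(">I", len(data)) + data
def _read_string(blob: bytes, offset: int):
    """Decode one SSH wire-format string at offset; return (bytes, next offset)."""
    (length,) = struct.unpack_from(">I", blob, offset)
    return blob[offset + 4:offset + 4 + length], offset + 4 + length
def parse_authorized_key(line: str):
    """Parse one authorized_keys line into (key_type, curve, fingerprint, comment); None for blank/'#' lines."""
    fields = line.strip().split()
    if not fields or fields[0].startswith("#"):
        return None
    # Skip any options prefix (e.g. command="...") and locate the key type field.
    idx = next(i for i, f in enumerate(fields) if f.startswith(("ssh-", "ecdsa-", "sk-")))
    key_type, blob = fields[idx], base64.b64decode(fields[idx + 1])
    comment = " ".join(fields[idx + 2:])
    # The blob repeats the key type; the two must agree before the line is trusted.
    wire_type, offset = _read_string(blob, 0)
    if wire_type.decode() != key_type:
        raise ValueError("key type in blob does not match text field")
    curve = None
    if key_type.startswith("ecdsa-sha2-"):
        curve = _read_string(blob, offset)[0].decode()  # e.g. "nistp256"
    # OpenSSH-style fingerprint: SHA-256 of the blob, base64 without padding.
    digest = base64.b64encode(hashlib.sha256(blob).digest()).rstrip(b"=").decode()
    return key_type, curve, "SHA256:" + digest, comment

def ecdsa_keys(text: str):
    """Return (curve, fingerprint, comment) for every ECDSA key in an authorized_keys text."""
    parsed = (parse_authorized_key(line) for line in text.splitlines())
    return [p[1:] for p in parsed if p and p[0].startswith("ecdsa-sha2-")]
def _fake_key(key_type: str, *rest: bytes) -> str:
    """Base64 blob with dummy key material (constructed for the sample, not a real key)."""
    return base64.b64encode(b"".join(_ssh_string(p) for p in (key_type.encode(),) + rest)).decode()

# Constructed sample authorized_keys file; the key bytes are filler, not real keys.
SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# constructed sample",
    "ssh-ed25519 " + _fake_key("ssh-ed25519", b"\x11" * 32) + " alice@laptop",
    "ecdsa-sha2-nistp256 " + _fake_key("ecdsa-sha2-nistp256", b"nistp256", b"\x04" + b"\x22" * 64) + " bob@putty",
    'command="backup" ecdsa-sha2-nistp521 ' + _fake_key("ecdsa-sha2-nistp521", b"nistp521", b"\x04" + b"\x33" * 132) + " backup@putty",
])

if __name__ == "__main__":
    for curve, fingerprint, comment in ecdsa_keys(SAMPLE_AUTHORIZED_KEYS):
        print(f"ECDSA {curve} {fingerprint} {comment}")
```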