Encryption Network Security News

The latest encryption network security stories, summarized by AI

encryption-network-security2.18 min read

PuTTY SSH Client Vulnerability Enables Private Key Recovery

The widely-used PuTTY SSH client, along with other products like FileZilla, WinSCP, TortoiseGit, and TortoiseSVN, has been found vulnerable to a key recovery attack that could compromise NIST P-521 private keys. The flaw, assigned the CVE identifier CVE-2024-31497, allows attackers to recover private keys and forge signatures, potentially leading to unauthorized access to servers. The issue has been addressed in the latest versions of PuTTY, FileZilla, WinSCP, and TortoiseGit, with recommendations for users of TortoiseSVN to use the latest PuTTY release until a patch is available. Additionally, affected keys should be considered compromised and revoked.

1 year ago•Source: The Hacker News

"Terrapin Exploit Reveals Fresh SSH Security Vulnerabilities"

encryption-network-security

2.285 min•2 years ago

"Terrapin Exploit Reveals Fresh SSH Security Vulnerabilities"

Security researchers have identified a new vulnerability in the SSH protocol, named Terrapin (CVE-2023-48795), which allows attackers to downgrade the security of SSH connections by exploiting a prefix truncation attack during the handshake process. This could lead to weaker client authentication and the disabling of keystroke timing attack countermeasures. The flaw affects numerous SSH implementations and patches have been released to address the issue. Organizations are urged to patch both servers and clients to fully mitigate the risk.

via The Hacker News

Featured Encryption Network Security Stories

PuTTY SSH Client Vulnerability Enables Private Key Recovery

"Terrapin Exploit Reveals Fresh SSH Security Vulnerabilities"

More Encryption Network Security Stories