"Critical Flaw in PuTTY SSH Client Enables Private Key Recovery"
A vulnerability in PuTTY versions 0.68 through 0.80 could allow attackers to recover private keys used for cryptographic signatures, potentially leading to unauthorized access to SSH servers or the ability to sign commits as a developer. The flaw, tracked as CVE-2024-31497, was discovered by researchers at Ruhr University Bochum and has been fixed in PuTTY version 0.81. Other software using the vulnerable PuTTY versions, such as FileZilla, WinSCP, TortoiseGit, and TortoiseSVN, may also be impacted and users are advised to take preventive action.