Tag

Putty

All articles tagged with #putty

cybersecurity1 year ago•3 min saved

"Critical Flaw in PuTTY SSH Client Enables Private Key Recovery"

A vulnerability in PuTTY versions 0.68 through 0.80 could allow attackers to recover private keys used for cryptographic signatures, potentially leading to unauthorized access to SSH servers or the ability to sign commits as a developer. The flaw, tracked as CVE-2024-31497, was discovered by researchers at Ruhr University Bochum and has been fixed in PuTTY version 0.81. Other software using the vulnerable PuTTY versions, such as FileZilla, WinSCP, TortoiseGit, and TortoiseSVN, may also be impacted and users are advised to take preventive action.

via BleepingComputer|

#cryptographic-signatures #cybersecurity #private-keys

encryption-network-security1 year ago•2 min saved

PuTTY SSH Client Vulnerability Enables Private Key Recovery

The widely-used PuTTY SSH client, along with other products like FileZilla, WinSCP, TortoiseGit, and TortoiseSVN, has been found vulnerable to a key recovery attack that could compromise NIST P-521 private keys. The flaw, assigned the CVE identifier CVE-2024-31497, allows attackers to recover private keys and forge signatures, potentially leading to unauthorized access to servers. The issue has been addressed in the latest versions of PuTTY, FileZilla, WinSCP, and TortoiseGit, with recommendations for users of TortoiseSVN to use the latest PuTTY release until a patch is available. Additionally, affected keys should be considered compromised and revoked.

via The Hacker News|

#encryption #encryption-network-security #key-recovery-attack