CVE-2024-31497

https://notcve.org/view.php?id=CVE-2024-31497

In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant. The required set of signed messages may be publicly readable because they are stored in a public Git service that supports use of SSH for commit signing, and the signatures were made by Pageant through an agent-forwarding mechanism. In other words, an adversary may already have enough signature information to compromise a victim's private key, even if there is no further use of vulnerable PuTTY versions. After a key compromise, an adversary may be able to conduct supply-chain attacks on software maintained in Git. • https://github.com/sh1k4ku/CVE-2024-31497 https://github.com/HugoBond/CVE-2024-31497-POC http://www.openwall.com/lists/oss-security/2024/04/15/6 https://bugzilla.redhat.com/show_bug.cgi?id=2275183 https://bugzilla.suse.com/show_bug.cgi?id=1222864 https://docs.ccv.brown.edu/oscar/connecting-to-oscar/ssh/ssh-agent-forwarding/key-generation-and-agent-forwarding-with-putty https://filezilla-project.org/versions.php https://git.tartarus.org/?h=c193fe9848f50a88a4089aac647fecc31ae96d27&p=sim • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •