CVE-2024-31497: Critical PuTTY Vulnerability Exposes Private Keys – Immediate Action Required

A severe security flaw (CVE-2024-31497) has been discovered in the popular SSH client PuTTY (versions 0.68 to 0.80), impacting a wide range of software including FileZilla, WinSCP, TortoiseGit, and TortoiseSVN. This defect drastically weakens private keys used in the ECDSA algorithm with the NIST P-521 curve, leaving them easily recoverable by attackers. This flaw was discovered by security researchers Fabian Bäumer and Marcus Brinkmann from Ruhr University Bochum.

The Problem

The CVE-2024-31497 vulnerability lies in how PuTTY generates random values (nonces) used within the ECDSA signature process. In the NIST P-251 configuration, the randomness is heavily biased. Attackers can exploit this bias to reconstruct the private key after collecting just 60 or so signatures created with the compromised key.

Who’s at Risk

Anyone who uses the affected versions of PuTTY or related products like Filezilla for SSH authentication with ECDSA NIST P-521 keys is vulnerable. Attackers can obtain the necessary signatures by briefly compromising an SSH server you connect to or potentially from public sources where you’ve used the key (like signed Git commits).

This vulnerability not only affects users of PuTTY but also extends to several other tools:

• FileZilla (Versions 3.24.1 – 3.66.5)
• WinSCP (Versions 5.9.5 – 6.3.2)
• TortoiseGit (Versions 2.4.0.2 – 2.15.0)
• TortoiseSVN (Versions 1.10.0 – 1.14.6)

The Consequences

A compromised private key is disastrous. Attackers can impersonate you, potentially gaining access to any server where you use that key for authentication. The damage persists even after the vulnerability is patched – previously exposed keys are permanently compromised.

What You Must Do

1. Identify Vulnerable Keys: Check if you use ECDSA NIST P-521 keys. In PuTTYgen, the fingerprint starts with “ecdsa-sha2-nistp521”.

2. Revoke Compromised Keys: Remove compromised public keys from all authorized_keys files on servers and any online service where they’re used (like GitHub).

3. Generate New Keys: Create fresh key pairs (ideally using Ed25519, which is unaffected) to replace the compromised ones.

4. Update Your Software: Immediately update PuTTY to version 0.81 or later. Do the same for FileZilla (version 3.67.0), WinSCP (version 6.3.3), TortoiseGit (version 2.15.0.1), and TortoiseSVN. If you can’t update TortoiseSVN, switch to using the updated PuTTY Plink for SSH connections.

Additional Notes

• This flaw does NOT expose signatures through passive network snooping. An attacker needs active control of a server or access to your signed data.
• Other ECDSA key sizes show slight bias but are not practically exploitable at this time.