"PuTTY SSH Client Flaw Allows Recovery of Cryptographic Private Keys"

Fabian Baumer and Marcus Brinkmann from Ruhr University Bochum discovered a vulnerability in PuTTY 0.68 through 0.80 that enables attackers with access to 60 cryptographic signatures to recover the private key used to generate them. PuTTY is a popular open source terminal emulator, serial console, and network file transfer tool that supports SSH, Telnet, SCP, and SFTP. According to the researchers, the vulnerability stems from how PuTTY generates ECDSA nonces, which are temporary unique cryptographic numbers, for the NIST P-521 curve used for SSH authentication. This article continues to discuss the potential exploitation and impact of the PuTTY SSH client flaw.

Bleeping Computer reports "PuTTY SSH Client Flaw Allows Recovery of Cryptographic Private Keys"

Submitted by grigby1

Submitted by Gregory Rigby on