In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user’s NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant.

Besides impacting PuTTY, it also affects other products that incorporate a vulnerable version:

  • FileZilla (3.24.1 – 3.66.5)
  • WinSCP (5.9.5 – 6.3.2)
  • TortoiseGit (2.4.0.2 – 2.15.0)
  • TortoiseSVN (1.10.0 – 1.14.6)

The fix is to:

  1. upgrade the software to the latest version
  2. delete your current private key.

References: