Skip to Content

PuTTY SSH Client Found Vulnerable to Key Recovery Attack

Published on November 12, 2024

In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user’s NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant.

Besides impacting PuTTY, it also affects other products that incorporate a vulnerable version:

The fix is to:

  1. upgrade the software to the latest version
  2. delete your current private key.

References: