Monday, May 5, 2025
HomeCyber Security NewsPoC Released for Critical PuTTY Private Key Recovery Vulnerability

PoC Released for Critical PuTTY Private Key Recovery Vulnerability

Published on

SIEM as a Service

Follow Us on Google News

Security researchers have published a Proof-of-Concept (PoC) exploit for a critical vulnerability in the widely used PuTTY SSH and Telnet client.

The flaw, CVE-2024-31497, allows attackers to recover private keys generated with the NIST P-521 elliptic curve in PuTTY versions 0.68 through 0.80.

The vulnerability stems from PuTTY’s biased generation of ECDSA nonces when using the P-521 curve.

- Advertisement - Google News

Researchers found that the first 9 bits of each nonce are always zero, enabling full private key recovery from roughly 60 signatures using lattice cryptanalysis techniques.

Free Webinar on Live API Attack Simulation: Book Your Seat | Start protecting your APIs from hackers

To demonstrate the feasibility of the attack, security researcher Hugo Bond published a PoC exploit on GitHub.

The PoC leverages the nonce bias to recover the private key from a set of signatures generated by a vulnerable PuTTY version.

An attacker could obtain the required signatures in several ways, such as setting up a malicious SSH server and capturing signatures from connecting PuTTY clients, or extracting signatures from signed Git commits or other sources where PuTTY was used as an SSH agent.

The vulnerability affects not only the PuTTY client, but also several other popular tools that incorporate vulnerable PuTTY versions, including:

  • FileZilla 3.24.1 – 3.66.5
  • WinSCP 5.9.5 – 6.3.2
  • TortoiseGit 2.4.0.2 – 2.15.0
  • TortoiseSVN 1.10.0 – 1.14.6

PuTTY developers have released version 0.81 to address the flaw, and patched versions are available for most of the affected third-party tools as well.

However, the attack can still be carried out if an attacker possesses around 60 signatures generated with a vulnerable version.

Therefore, any NIST P-521 keys used with PuTTY or related tools should be considered compromised and immediately revoked.

As PuTTY is one of the most popular SSH clients, especially on Windows, this vulnerability has a wide-reaching impact.

All users are advised to upgrade to patched versions as soon as possible and replace any potentially exposed keys.

The publication of a PoC exploit increases the likelihood of threat actors exploiting this flaw in the wild.

Is Your Network Under Attack? - Read CISO’s Guide to Avoiding the Next Breach - Download Free Guide

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Luna Moth Hackers Use Fake Helpdesk Domains to Target Victims

A recent investigation by cybersecurity firm EclecticIQ, in collaboration with threat hunters, has exposed...

SonicBoom Attack Chain Lets Hackers Bypass Login and Gain Admin Control

Cybersecurity researchers have uncovered a dangerous new exploitation technique, dubbed the "SonicBoom Attack Chain,"...

Researcher Uses Copilot with WinDbg to Simplify Windows Crash Dump Analysis

A researcher has unveiled a novel integration between AI-powered Copilot and Microsoft's WinDbg, dramatically...

Apache Parquet Java Vulnerability Enables Remote Code Execution

A high-severity vulnerability (CVE-2025-46762) has been discovered in Apache Parquet Java, exposing systems using...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Luna Moth Hackers Use Fake Helpdesk Domains to Target Victims

A recent investigation by cybersecurity firm EclecticIQ, in collaboration with threat hunters, has exposed...

SonicBoom Attack Chain Lets Hackers Bypass Login and Gain Admin Control

Cybersecurity researchers have uncovered a dangerous new exploitation technique, dubbed the "SonicBoom Attack Chain,"...

Researcher Uses Copilot with WinDbg to Simplify Windows Crash Dump Analysis

A researcher has unveiled a novel integration between AI-powered Copilot and Microsoft's WinDbg, dramatically...