WARNING! Every version of the PuTTY tools from v0.68 to v0.80 inclusive has a critical vulnerability in the code that generates signatures from ECDSA private keys which use the NIST P521 curve. (PuTTY, or Pageant, generates a signature from a key when using it to authenticate you to an SSH server). This vulnerability has been assigned CVE-2024-31497.
This critical vulnerability has been fixed in PuTTY v0.81, available from https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html (changelog at https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html)
Statistics: Posted by Midas — Wed Apr 17, 2024 9:00 am