Author Topic: Putty/FileZilla - Keygen Vuln  (Read 435 times)

0 Members and 1 Guest are viewing this topic.

Offline bingo600Topic starter

  • Super Contributor
  • ***
  • Posts: 2009
  • Country: dk
Putty/FileZilla - Keygen Vuln
« on: April 16, 2024, 04:16:30 am »
Not likely to be  a "bad one" , unless you are commting to git etc. with Putty.
But do update your Putty, FileZilla etc ...



https://www.cvedetails.com/cve/CVE-2024-31497/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31497

All NIST P-521 client keys used with PuTTY must be considered compromised, given that the attack can be carried out even after the root cause has been fixed in the source code (assuming that ~60 pre-patch signatures are available to an adversary).

### Mitigations

This vulnerability has been fixed in PuTTY 0.81, FileZilla 3.67.0, WinSCP 6.3.3, and TortoiseGit 2.15.0.1. Users of TortoiseSVN are advised to configure TortoiseSVN to use Plink from the latest PuTTY 0.81 release when accessing a SVN repository via SSH until a patch becomes available.

 
The following users thanked this post: Halcyon

Offline Halcyon

  • Global Moderator
  • *****
  • Posts: 5753
  • Country: au
Re: Putty/FileZilla - Keygen Vuln
« Reply #1 on: April 16, 2024, 04:58:48 am »
Revoke and regenerate keys on the server end as well.
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf