Author Topic: Putty/FileZilla - Keygen Vuln  (Read 204 times)

Offline bingo600 (Topic starter)

  • Super Contributor
  • ***
  • Posts: 1989
  • Country: dk
Putty/FileZilla - Keygen Vuln
« on: April 16, 2024, 04:16:30 am »
Not likely to be a "bad one", unless you are committing to git etc. with Putty.
But do update your Putty, FileZilla etc ...

https://www.cvedetails.com/cve/CVE-2024-31497/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31497

All NIST P-521 client keys used with PuTTY must be considered compromised, given that the attack can be carried out even after the root cause has been fixed in the source code (assuming that ~60 pre-patch signatures are available to an adversary).

### Mitigations

This vulnerability has been fixed in PuTTY 0.81, FileZilla 3.67.0, WinSCP 6.3.3, and TortoiseGit 2.15.0.1. Users of TortoiseSVN are advised to configure TortoiseSVN to use Plink from the latest PuTTY 0.81 release when accessing a SVN repository via SSH until a patch becomes available.

 
The following users thanked this post: Halcyon

Offline Halcyon

  • Global Moderator
  • *****
  • Posts: 5684
  • Country: au
Re: Putty/FileZilla - Keygen Vuln
« Reply #1 on: April 16, 2024, 04:58:48 am »
Revoke and regenerate keys on the server end as well.
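
For the server-side cleanup suggested in the reply above, this added example (not from the thread or from the PuTTY project) lists every NIST P-521 entry in an `authorized_keys` file by reading the key type stored inside each base64 blob. An entry cannot show which client the key was used with, so every P-521 key is flagged for review; the sample file, names and comments are constructed.

```python
import base64
import re
import struct

P521 = "ecdsa-sha2-nistp521"
# A standalone base64 token long enough to be a public-key blob.
BLOB = re.compile(r"^[A-Za-z0-9+/]{40,}={0,2}$")

def blob_key_type(b64):
    """Return the key type named inside an SSH public-key blob, or None."""
    try:
        raw = base64.b64decode(b64, validate=True)
        (n,) = struct.unpack(">I", raw[:4])  # uint32 length of the type string
        return raw[4:4 + n].decode("ascii")
    except (ValueError, struct.error, UnicodeDecodeError):
        return None

def sample_blob(key_type):
    """Constructed, non-functional blob: real type header, zero-filled body."""
    raw = struct.pack(">I", len(key_type)) + key_type.encode() + bytes(64)
    return base64.b64encode(raw).decode()

def find_p521(text, source="authorized_keys"):
    """Return (source, line_no, comment) for every P-521 key in the text."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        tokens = line.split()
        for i, tok in enumerate(tokens):
            # Trust the blob, not the text field in front of it.
            if BLOB.match(tok) and blob_key_type(tok) == P521:
                hits.append((source, no, " ".join(tokens[i + 1:])))
                break
    return hits

# Constructed sample input; the entries are not usable keys.
SAMPLE = "\n".join([
    "# constructed sample authorized_keys",
    f"ssh-ed25519 {sample_blob('ssh-ed25519')} alice@laptop",
    f'from="10.0.0.0/8",no-pty {P521} {sample_blob(P521)} bob@putty-box',
    f"ecdsa-sha2-nistp256 {sample_blob('ecdsa-sha2-nistp256')} carol@ws",
])

if __name__ == "__main__":
    for src, no, comment in find_p521(SAMPLE):
        print(f"{src}:{no}: P-521 key ({comment}) - review and replace")
```

To audit a real file, pass its contents and path to `find_p521`, then remove the flagged entries once replacement keys are installed.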