CVE-2024-31497
At Quasar Cyber Security, we have been actively working for the past week to remediate a critical vulnerability identified as CVE-2024-31497.
To this day, this vulnerability has not been assigned a CVSS score, underscoring the urgency and importance of addressing it.
🔒 What's the issue?
The vulnerability exploits a bias in the ECDSA signing process used in the NIST P-521 configuration, allowing an attacker to reconstruct the SSH private key after collecting a finite number of signatures.
🔍 Where could an attacker collect these signatures?
There are several potential sources, from compromised SSH servers to publicly signed commits in Git.
🛡️ Remediation Actions:
At Quasar, we are implementing proactive measures to protect our clients and their critical infrastructures. This includes updating all affected tools to versions that have resolved this issue and reviewing all SSH keys generated during the vulnerable period.
🔴 Affected software versions :
PuTTY: Vers. 0.68 – 0.80.
FileZilla: Vers. 3.24.1 – 3.66.5.
WinSCP: Vers. 5.9.5 – 6.3.2.
TortoiseGit: Vers. 2.4.0.2 – 2.15.0.
TortoiseSVN: Vers. 1.10.0 – 1.14.6
We urge everyone in the security community to review their systems to mitigate this vulnerability as soon as possible.
More info:
https://nvd.nist.gov/vuln/detail/CVE-2024-31497
https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2024-31497
https://news.ycombinator.com/item?id=40044665