Massive Brute Force Attack Targeting Networking Devices
A large-scale brute force attack is underway, using nearly 2.8 million IP addresses daily to target networking devices from Palo Alto Networks, Ivanti, and SonicWall….
PuTTY SSH Flaw: What You Need to Know
A recently disclosed vulnerability in the popular SSH client PuTTY (versions 0.68 to 0.80) could allow attackers to recover private encryption keys, potentially enabling them to impersonate users and access sensitive systems.
Background
Secure Shell (SSH) is a widely used protocol for secure remote logins and data transfer. PuTTY is a popular SSH client, especially on Windows systems. Cryptographic keys are fundamental to SSH; they are used to authenticate users and servers.
Encryption relies on complex algorithms that ideally should introduce randomness. This PuTTY flaw stemmed from a deterministic method of generating a part of the signature process, resulting in predictable patterns attackers can exploit.
Understanding the Threat
- The Flaw: Affected versions of PuTTY generate biased cryptographic signatures when using the NIST P-521 encryption standard. This bias can be exploited to recover the private key with enough collected signatures.
- The Impact: A successful attack fully compromises the affected private key. This means the attacker can generate forged signatures and potentially gain unauthorised access to servers where this key grants authentication.
What You Need To Do
- Immediate Action: If you have used a 521-bit ECDSA key with any vulnerable PuTTY version (0.68 – 0.80), consider this key compromised. Immediately revoke it from any server where it is authorised – typically by removing it from authorized_keys files.
- Upgrade Software: Update your PuTTY installation to version 0.81 or later. Additionally, software that relies on PuTTY, such as FileZilla, WinSCP, TortoiseGit, and TortoiseSVN may need updates. Refer to their websites for vulnerability status and patches.
- Generate New Keys: After revocation and updates, generate a new ECDSA key pair to replace the compromised one. It’s advisable to use a different encryption standard like the more robust Ed25519.
Prevention and Best Practices
- Software Updates: Always apply software updates promptly, especially for security-critical tools like SSH clients.
- Strong Encryption: Prefer modern encryption standards like Ed25519 over older ones where possible.
- Key Management: Practice secure key management – limit the servers where a specific key is authorised, change keys regularly, and securely store private keys offline when possible.
Staying Informed
Security vulnerabilities are an ongoing reality. Keep up-to-date with the latest threats and recommended practices at the Cyber and Fraud Centre – www.cyberfraudcentre.com or by downloading our new app.
Related Links:
Related articles
Oasis Ticket Sales Scams: How to Stay Safe
During our weekly meetings with the banking industry and Police Scotland, we continue to see a significant increase in ticket scams over the last three…
Alert: Unpatched Microsoft Office Vulnerability Exposes NTLM Hashes
Microsoft has recently disclosed a significant security vulnerability affecting multiple versions of its Office suite, including Office 2016, Office 2019, Office LTSC 2021 and Microsoft…