Credential Stuffing Surge Targets Businesses and Individuals.
The recent surge in credential stuffing attacks highlighted by Okta serves as a stark reminder of the importance of robust cyber security practices. These attacks…
PuTTY SSH Flaw: What You Need to Know
A recently disclosed vulnerability in the popular SSH client PuTTY (versions 0.68 to 0.80) could allow attackers to recover private encryption keys, potentially enabling them to impersonate users and access sensitive systems.
Background
Secure Shell (SSH) is a widely used protocol for secure remote logins and data transfer. PuTTY is a popular SSH client, especially on Windows systems. Cryptographic keys are fundamental to SSH; they are used to authenticate users and servers.
Encryption relies on complex algorithms that ideally should introduce randomness. This PuTTY flaw stemmed from a deterministic method of generating a part of the signature process, resulting in predictable patterns attackers can exploit.
Understanding the Threat
- The Flaw: Affected versions of PuTTY generate biased cryptographic signatures when using the NIST P-521 encryption standard. This bias can be exploited to recover the private key with enough collected signatures.
- The Impact: A successful attack fully compromises the affected private key. This means the attacker can generate forged signatures and potentially gain unauthorised access to servers where this key grants authentication.
What You Need To Do
- Immediate Action: If you have used a 521-bit ECDSA key with any vulnerable PuTTY version (0.68 – 0.80), consider this key compromised. Immediately revoke it from any server where it is authorised – typically by removing it from authorized_keys files.
- Upgrade Software: Update your PuTTY installation to version 0.81 or later. Additionally, software that relies on PuTTY, such as FileZilla, WinSCP, TortoiseGit, and TortoiseSVN may need updates. Refer to their websites for vulnerability status and patches.
- Generate New Keys: After revocation and updates, generate a new ECDSA key pair to replace the compromised one. It’s advisable to use a different encryption standard like the more robust Ed25519.
Prevention and Best Practices
- Software Updates: Always apply software updates promptly, especially for security-critical tools like SSH clients.
- Strong Encryption: Prefer modern encryption standards like Ed25519 over older ones where possible.
- Key Management: Practice secure key management – limit the servers where a specific key is authorised, change keys regularly, and securely store private keys offline when possible.
Staying Informed
Security vulnerabilities are an ongoing reality. Keep up-to-date with the latest threats and recommended practices at the Cyber and Fraud Centre – www.cyberfraudcentre.com or by downloading our new app.
Related Links:
Related articles
Cisco Firewall Vulnerabilities: Urgent Action Needed to Protect Against State-Sponsored Espionage
Businesses and organisations relying on Cisco’s Adaptive Security Appliance (ASA) and Firepower Threat Defence (FTD) firewalls are being advised to take immediate action to protect…
Cybercriminals Threaten Release of Sensitive World-Check Database
A recent cyber attack has resulted in a serious data breach affecting the World-Check database, a critical tool used by financial institutions and other organisations…