Analysis of CVE-2024-31497: Biased ECDSA Nonce Generation in PuTTY

CVE-2024-31497 is a critical vulnerability identified in the PuTTY SSH client affecting versions 0.68 through 0.80, which was fixed in version 0.81. This security flaw stems from the way ECDSA nonces are generated using the NIST P-521 curve, allowing potential recovery of a user’s private key through biased nonce generation. The severity of this vulnerability is underscored by the ease with which an attacker can exploit it—requiring only about 60 signatures to perform a successful attack.

Technical Description

The issue arises from a deterministic approach to generating the ECDSA nonce, which is a random number that should only be used once per signature. In affected PuTTY versions, the nonce generation mechanism produces nonces where the first 9 bits are consistently zero. This predictability severely compromises the randomness required for secure ECDSA signatures, making it possible for an attacker to recover the private key with sufficient signature data.

The vulnerability is specifically notable in scenarios where signed messages are publicly accessible, such as in commits on public Git repositories where SSH is used for commit signing. The compromised nonces can also be exploited by malicious SSH server operators, where the victim might use the same compromised private key for authentication.

Impact and Exploitation Scenarios

The impact of CVE-2024-31497 is profound, particularly because it allows for two main exploitation routes:

  1. Public Exposure of Signatures:
    • If the victim has used PuTTY or Pageant for signing operations that are then stored publicly (e.g., on GitHub), an attacker can access these signatures without needing to breach any server or network. This scenario facilitates a straightforward key recovery, enabling subsequent impersonation or unauthorized actions under the victim’s identity.
  2. Malicious SSH Server Operators:
    • In cases where the victim connects to an SSH server with the compromised key, the server operator could potentially capture enough signatures to perform key recovery. This risk is exacerbated if the SSH server is not fully trusted or if the server operator has malicious intentions.

These vulnerabilities make it possible for attackers to conduct supply-chain attacks by inserting malicious code into software repositories maintained via Git, assuming control of the software development lifecycle, or causing broader disruptions.

Affected Products

Besides PuTTY versions 0.68 to 0.80, several other applications that bundle PuTTY or utilize its SSH functionalities are also vulnerable:

  • FileZilla versions up to 3.66.5
  • WinSCP versions up to 6.3.2
  • TortoiseGit up to 2.15.0
  • TortoiseSVN up to 1.14.6

Mitigation and Prevention

To mitigate the risks associated with CVE-2024-31497, it is crucial for users and administrators of affected versions to:

  • Upgrade to PuTTY version 0.81 or later where the vulnerability is patched.
  • Revoke any NIST P-521 ECDSA keys that might have been used with vulnerable versions of PuTTY and generate new key pairs.
  • Ensure that any dependent applications are updated to incorporate the secure versions of PuTTY or configured to use alternative secure methods for SSH functionalities.


CVE-2024-31497 highlights the critical need for robust randomness in cryptographic operations and the potential dangers of deterministic nonce generation methods in widely used software. The exploitation of such vulnerabilities can lead to significant security breaches, emphasizing the importance of maintaining up-to-date software and adhering to recommended security practices. As this vulnerability is currently awaiting further analysis and a CVSS score by NVD, its critical nature and the potential implications necessitate immediate attention and action from all affected parties.

How Can Netizen Help?

Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time. 

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI V 2.0 Level 3 certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 

Questions or concerns? Feel free to reach out to us any time –

Copyright © Netizen Corporation. All Rights Reserved.