Citrix warns admins to manually mitigate PuTTY SSH client bug

May 9, 2024 at 03:31PM

Citrix warned customers about a PuTTY SSH client vulnerability affecting XenCenter, allowing attackers to steal an admin’s private SSH key. The flaw, tracked as CVE-2024-31497, impacts multiple XenCenter versions for Citrix Hypervisor 8.2. The PuTTY component has been removed in XenCenter 8.2.6, and customers are advised to download the latest …

Critical PuTTY Vulnerability Allows Secret Key Recovery

April 16, 2024 at 12:54PM

PuTTY developers released an update to patch a critical vulnerability allowing recovery of secret keys. The vulnerability affects versions 0.68 through 0.80, with PuTTY 0.81 fixing the issue. Affected keys, including those used by products like FileZilla and WinSCP, must be revoked immediately. Researchers warned of the potential for key …

PuTTY SSH client flaw allows recovery of cryptographic private keys

April 16, 2024 at 11:07AM

PuTTY versions 0.68 through 0.80 contain a vulnerability (CVE-2024-31497) that could allow attackers with access to 60 cryptographic signatures to recover the private key used for their generation. It affects systems using ECDSA keys and could be exploited to gain unauthorized access to SSH servers or sign commits as …