CRITICALCVSS9.8

PuTTY < 0.81 — Credential Theft

PuTTY's ECDSA signature generation for NIST P-521 keys is biased, allowing recovery of the private key from approximately 60 observed signatures. Update to PuTTY 0.81 and rotate any P-521 SSH keys that were used with older versions.

Published Apr 15, 2024 · Updated May 10, 2026

Why patchRisk explained in plain English

Worst-case scenarioIf unpatched

An attacker who can observe approximately 60 SSH connections made with a compromised server or via a man-in-the-middle position can recover the user's private SSH key. With the private key, the attacker can authenticate as that user to all servers where the corresponding public key is authorised — potentially gaining access to hundreds of servers if the key is widely deployed.

How the attack works

PuTTY generates ECDSA signatures using biased nonces when using NIST P-521 keys. The bias is predictable and allows an attacker who observes approximately 60 SSH signatures made with the affected key to mathematically recover the private key. The attacker only needs to be a malicious server (or intercept connections) to collect the required signatures.

Am I affected?Quick check

Probably yes if any of these apply:

●System Administrators

●Developers

●DevOps Teams

●IT Security

●Running PuTTY 0.68 through 0.80 (when using NIST P-521 ECDSA keys)

Affected OS versions

Windows 10Windows 11Windows Server 2016Windows Server 2019Windows Server 2022

Fixed inPuTTY 0.81

Real-world incidentsWhat we've seen

Researchers at Ruhr University Bochum disclosed CVE-2024-31497 in April 2024. The vulnerability also affects FileZilla, WinSCP, TortoiseGit, TortoiseSVN, and other tools that use PuTTY's cryptographic library. A proof-of-concept key recovery tool was published within weeks. Any P-521 keys used for SSH authentication with affected versions should be considered compromised and must be rotated.

How to patch

Manual remediation steps

⏱ 30 minutes for update plus key rotation time

Check PuTTY Version

# Find PuTTY installations:
$puttyPaths = @(
  "C:\Program Files\PuTTY\putty.exe",
  "C:\Program Files (x86)\PuTTY\putty.exe",
  "$env:LOCALAPPDATA\Programs\PuTTY\putty.exe"
)
foreach ($path in $puttyPaths) {
  if (Test-Path $path) {
    (Get-Item $path).VersionInfo.FileVersion
  }
}
# Vulnerable if 0.68 through 0.80 AND using P-521 ECDSA keys

Identify Affected P-521 Keys

# List all PuTTY private key files (.ppk) in common locations:
Get-ChildItem "$env:USERPROFILE\.ssh","$env:APPDATA\SSH" -Filter "*.ppk" `
  -ErrorAction SilentlyContinue | Select-Object FullName

# Check PuTTY saved sessions for keys in use:
Get-ChildItem "HKCU:\Software\SimonTatham\PuTTY\Sessions" |
  ForEach-Object { Get-ItemProperty $_.PSPath } |
  Select-Object PSChildName, PublicKeyFile

Immediate Action: Rotate P-521 SSH Keys

# If you have any P-521 keys, they must be considered compromised.
# 1. Generate a new Ed25519 or ECDSA P-256 key with PuTTYgen 0.81
# 2. Add the new public key to all authorised_keys files on servers
# 3. Remove the old P-521 public key from all authorised_keys files
# 4. Delete the old P-521 private key

Update PuTTY

# Via winget:
winget upgrade PuTTY.PuTTY

# Or download from https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

Also Update Affected Tools That Use PuTTY Libraries

# These tools use PuTTY's crypto and are also affected:
winget upgrade WinSCP.WinSCP              # Update to 6.3.3+
winget upgrade TortoiseGit.TortoiseGit    # Update to latest
winget upgrade FileZilla.FileZilla        # Update to latest

PowerShell automationComing soon

No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.

References

↗ CVE-2024-31497 ↗ NVD