IRONSMITHINTEL
MEDIUMCVSS5.9
|CVE-2024-31497|Auth: network observer|Reboot: not required|Est. 20–30 minutes|Manual only

PuTTY < 0.81 — Credential Theft

PuTTY generates biased ECDSA nonces when authenticating with NIST P-521 keys, allowing an attacker who observes enough signatures to recover the private key.

Published May 7, 2026 · Updated May 10, 2026
Why patchRisk explained in plain English
Worst-case scenarioIf unpatched

An attacker who can observe SSH authentication sessions (e.g., a network adversary, a compromised SSH server, or anyone with access to authentication logs) and collect approximately 60 signatures can perform a lattice attack to recover the private key. With the private key, they can authenticate as that user to any server that trusts it.

How the attack works

PuTTY versions before 0.81 generate predictably biased nonces when creating ECDSA signatures during SSH authentication using NIST P-521 keys. Approximately 60 signatures are sufficient for an attacker to recover the private key using the lattice-based attack. This affects any system where users authenticate to servers using ECDSA P-521 keys through PuTTY, including saved key files in PuTTYgen format.

Am I affected?Quick check

Probably yes if any of these apply:

System administrators using PuTTY for SSH with ECDSA P-521 keys
Any user with saved PuTTY sessions using P-521 keys
Running PuTTY < 0.81

Affected OS versions

Windows Server 2016Windows Server 2019Windows Server 2022
Fixed in0.81
Real-world incidentsWhat we've seen

This vulnerability is particularly significant for system administrators who use ECDSA P-521 keys to authenticate to servers. If any of those servers have been compromised or are observable by an attacker, previously captured authentication traffic can be used to recover the private key retroactively.

How to patch

Manual remediation steps

20–30 minutes

Step 1 — Check PuTTY Version

# Check PuTTY version
$putty = Get-ItemProperty 'HKLM:\SOFTWARE\SimonTatham\PuTTY' -ErrorAction SilentlyContinue
if ($putty) { $putty.Version } else { "PuTTY registry key not found — check installation" }

# Or check the binary directly
Get-Item 'C:\Program Files\PuTTY\putty.exe' -ErrorAction SilentlyContinue |
    ForEach-Object { $_.VersionInfo.FileVersion }

Step 2 — Update PuTTY

1
Download PuTTY 0.81 from: chiark.greenend.org.uk/~sgtatham/putty/latest.html
2
Run the installer

Step 3 — Revoke Compromised Keys

If you used ECDSA P-521 keys with a vulnerable PuTTY version, those keys should be considered potentially compromised:

1
Generate new ECDSA or Ed25519 keys using the updated PuTTYgen
2
Remove the old public key from all authorized_keys files on servers
3
Add the new public key
4
Securely delete the old private key file

Verification

Get-Item 'C:\Program Files\PuTTY\putty.exe' | ForEach-Object { $_.VersionInfo.FileVersion }
# Must show 0.81 or later
PowerShell automationComing soon

No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.

References

CVE-2024-31497NVD