4/16/24: Security vulnerability in older versions of PuTTY, FileZilla, WinSCP, and more

There is a security vulnerability in older versions of PuTTY that also affects FileZilla, WinSCP, and other SSH client applications.   YOU SHOULD UPGRADE YOUR SSH CLIENT APPLICATIONS NOW TO THE LATEST VERSION AVAILABLE.



The details:

The bad news: the effect of the vulnerability is to compromise the private key. An attacker in possession of a few dozen signed messages and the public key has enough information to recover the private key, and then forge signatures as if they were from you, allowing them to (for instance) log in to any servers you use that key for. To obtain these signatures, an attacker need only briefly compromise any server you use the key to authenticate to, or momentarily gain access to a copy of Pageant holding the key.

NOTE: The problem is not with how the key was originally generated; it doesn't matter whether it came from PuTTYgen or somewhere else. What matters is whether it was ever used with PuTTY, Pageant, FileZilla, WinSCP or other affected products.

The good news: the only affected key type is 521-bit ECDSA. That is, a key that appears in Windows PuTTYgen with ecdsa-sha2-nistp521 at the start of the 'Key fingerprint' box, or is described as 'NIST p521' when loaded into Windows Pageant, or has an id starting ecdsa-sha2-nistp521 in the SSH protocol or the key file. Other sizes of ECDSA, and other key algorithms, are unaffected. In particular, Ed25519 is not affected.


Therefore, if you have a key of this type, we recommend you revoke it immediately: remove the old public key from all OpenSSH authorized_keys files, and the equivalent in other SSH servers, so that a signature from the compromised key has no value any more. You will find this file in your home directory within the .ssh subdirectory (~/.ssh/authorized_keys).  Then generate a new key pair to replace it.  For instructions on generating a new key for your CCR account, see here.  Then upload your new public key to your account using our identity management portal (see here for instructions).  Make sure to delete the public key you've previously uploaded. 


Even if you don't have an SSH key of this type, we strongly encourage you to update your SSH client applications to the latest versions.  Keeping these products up to date helps to ensure the security of your accounts.


Please see these references, here and here, for more information.