Versions of XenCenter for Citrix Hypervisor 8.2 CU1 LTSR used PuTTY, a third-party component, for SSH connections to guest VMs. However, PuTTY inclusion was deprecated with XenCenter version 8.2.6, and any versions after 8.2.7 will not include PuTTY.

The security flaw, tracked as CVE-2024-31497, affects multiple versions of XenCenter for Citrix Hypervisor 8.2 CU1 LTSR, which include PuTTY.
“An issue has been reported in versions of PuTTY prior to version 0.81; when used in conjunction with XenCenter, this issue may, in some scenarios, allow an attacker who controls a guest VM to determine the SSH private key of a XenCenter administrator who uses that key to authenticate to that guest VM while using an SSH connection,” reads the advisory.

The vulnerability CVE-2024-31497 was discovered by researchers Fabian Bäumer and Marcus Brinkmann from the Ruhr University Bochum. Bäumer explained that the vulnerability stems from the generation of biased ECDSA cryptographic nonces, which could allow full secret key recovery.

“The PuTTY client and all related components generate heavily biased ECDSA nonces in the case of NIST P-521. To be more precise, the first 9 bits of each ECDSA nonce are zero. This allows for full secret key recovery in roughly 60 signatures by using state-of-the-art techniques. These signatures can either be harvested by a malicious server (man-in-the-middle attacks are not possible given that clients do not transmit their signature in the clear) or from any other source, e.g. signed git commits through forwarded agents,” Bäumer explained. “The nonce generation for other curves is slightly biased as well. However, the bias is negligible and far from enough to perform lattice-based key recovery attacks (not considering cryptanalytical advancements).”
The flaw has been fixed in PuTTY 0.81, FileZilla 3.67.0, WinSCP 6.3.3, and TortoiseGit 2.15.0.1. TortoiseSVN users are recommended to configure TortoiseSVN to use Plink from the latest PuTTY 0.81 release when accessing an SVN repository via SSH until a patch becomes available.

Any ECDSA NIST P-521 key that was ever used for signing by a product or component affected by CVE-2024-31497 should be deemed compromised. These keys should be revoked by removing them from authorized_keys files, GitHub repositories, and any other relevant platforms.
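The revocation advice above requires first finding which keys are in scope: only ECDSA keys on the P-521 curve (OpenSSH key type `ecdsa-sha2-nistp521`) are affected, while other curves and key types are not. The following added example (not code from the article, from PuTTY or from Citrix) parses `authorized_keys` text, decodes each key blob, and reports the P-521 keys as revocation candidates. It reads the curve from inside the encoded blob rather than trusting the text prefix, since the blob is what the server actually verifies against. The sample key lines and the point coordinates in them are constructed dummies, not real keys.

```python
import base64
import struct

# Key type whose PuTTY-generated signatures (before 0.81) leak the private key
AFFECTED_KEY_TYPE = "ecdsa-sha2-nistp521"


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (big-endian uint32 length + payload)."""
    return struct.pack(">I", len(data)) + data


def read_ssh_string(blob: bytes, offset: int):
    """Decode one SSH wire-format string at offset; return (payload, next_offset)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    offset += 4
    if offset + length > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset:offset + length], offset + length


def key_info_from_blob(blob: bytes) -> dict:
    """Return the key type (and curve name for ECDSA keys) declared inside a public key blob."""
    key_type, offset = read_ssh_string(blob, 0)
    info = {"blob_type": key_type.decode("ascii", "replace"), "curve": None}
    if info["blob_type"].startswith("ecdsa-sha2-"):
        curve, _ = read_ssh_string(blob, offset)
        info["curve"] = curve.decode("ascii", "replace")
    return info


def parse_authorized_keys(text: str) -> list:
    """Parse authorized_keys text into one record per key line.

    Record fields: line, key_type (text prefix), blob_type (from the blob), curve, comment.
    Blank lines, comment lines and lines with no decodable key are skipped. Leading options
    such as from="..." or no-pty are tolerated because the key type token is found by prefix.
    """
    records = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        for i, tok in enumerate(parts[:-1]):
            if not tok.startswith(("ssh-", "ecdsa-", "sk-")):
                continue
            try:
                blob = base64.b64decode(parts[i + 1], validate=True)
                info = key_info_from_blob(blob)
            except (ValueError, struct.error):
                continue
            records.append({
                "line": line_no,
                "key_type": tok,
                "blob_type": info["blob_type"],
                "curve": info["curve"],
                "comment": " ".join(parts[i + 2:]),
            })
            break
    return records


def find_affected_keys(text: str) -> list:
    """Return records whose blob declares the P-521 curve, i.e. keys to revoke and replace."""
    return [r for r in parse_authorized_keys(text)
            if r["blob_type"] == AFFECTED_KEY_TYPE or r["curve"] == "nistp521"]


def make_ecdsa_blob(curve: str, point: bytes) -> bytes:
    """Build an ecdsa-sha2-<curve> public key blob; used only to construct sample input."""
    return ssh_string(("ecdsa-sha2-" + curve).encode()) + ssh_string(curve.encode()) + ssh_string(point)


# Constructed sample input: dummy points with the byte shape of an uncompressed P-521 / P-256 point
DUMMY_P521_POINT = b"\x04" + b"\x11" * 132
DUMMY_P256_POINT = b"\x04" + b"\x22" * 64
SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# constructed sample, not real keys",
    "ecdsa-sha2-nistp521 " + base64.b64encode(make_ecdsa_blob("nistp521", DUMMY_P521_POINT)).decode()
    + " admin@xencenter-host",
    'from="10.0.0.5",no-pty ecdsa-sha2-nistp256 '
    + base64.b64encode(make_ecdsa_blob("nistp256", DUMMY_P256_POINT)).decode() + " ops@example",
    "ssh-ed25519 " + base64.b64encode(ssh_string(b"ssh-ed25519") + ssh_string(b"\x33" * 32)).decode()
    + " dev@example",
])

if __name__ == "__main__":
    for rec in find_affected_keys(SAMPLE_AUTHORIZED_KEYS):
        print(f"line {rec['line']}: {rec['blob_type']} ({rec['comment']}) -> revoke and replace")
```

Running the script on a real file (`find_affected_keys(open(path).read())`) gives the list of entries to remove; the same parser can be pointed at exported GitHub or GitLab key lists, which use the same one-key-per-line format. Keys on other curves are reported but not flagged, matching the researchers' statement that the bias there is negligible.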
Pierluigi Paganini

(SecurityAffairs – hacking, Citrix)