{"uuid": "2d79bc07-da3a-49f7-bfc9-9281d1c862b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-31497", "type": "seen", "source": "https://t.me/theninjaway1337/1530", "content": "PuTTY vulnerability vuln-p521-bias\n\nThe effect of the vulnerability is to compromise the private key. An attacker in possession of a few dozen signed messages and the public key has enough information to recover the private key, and then forge signatures as if they were from you, allowing them to (for instance) log in to any servers you use that key for. To obtain these signatures, an attacker need only briefly compromise any server you use the key to authenticate to, or momentarily gain access to a copy of Pageant holding the key. (However, these signatures are not exposed to passive eavesdroppers of SSH connections.) \n\nhttps://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html\n\nCVE details: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31497", "creation_timestamp": "2024-04-16T18:41:05.000000Z"}