{"uuid": "5631b56c-f652-4b28-bec6-ed9264212517", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-31497", "type": "published-proof-of-concept", "source": "https://t.me/TheDarkWebInformer/247", "content": "\ud83d\udea8\ud83d\udea8POC RELEASED\ud83d\udea8\ud83d\udea8PoC that exploits PuTTy CVE-2024-31497. Link in sub-post.\ud83d\udc47\n\n#DarkWebInformer #DarkWeb #Exploit #Cyberattack #Cybercrime #Cybersecurity #Infosec #CTI #CVE202431497 #Vulnerability #PuTTY\n\n\"This vulnerability exploits the biased ECDSA nonce generation in the ecc-ssh.c file. The nonce is generated like \ud835\udc60\u210e\ud835\udc4e512(\ud835\udc3c\ud835\udc37  \ud835\udc60\u210e\ud835\udc4e512(\ud835\udc5d\ud835\udc5f\ud835\udc56\ud835\udc63\ud835\udc4e\ud835\udc61\ud835\udc52\ud835\udc58\ud835\udc52\ud835\udc66)  \ud835\udc60\u210e\ud835\udc4e1(\ud835\udc51\ud835\udc4e\ud835\udc61\ud835\udc4e)) \ud835\udc5a\ud835\udc5c\ud835\udc51 \ud835\udc5e leaving the top 9 bits to zero. In order to recover the private key we need 60 signatures but with 58 we still have 50% probability of success.\"\n\nX: https://twitter.com/DarkWebInformer/status/1789080290175934760", "creation_timestamp": "2024-05-11T01:59:23.000000Z"}