Kid@sh.itjust.worksM to Cybersecurity@sh.itjust.worksEnglish · 9 months agoWidely-Used PuTTY SSH Client Found Vulnerable to Key Recovery Attackthehackernews.comexternal-linkmessage-square3fedilinkarrow-up158arrow-down11
arrow-up157arrow-down1external-linkWidely-Used PuTTY SSH Client Found Vulnerable to Key Recovery Attackthehackernews.comKid@sh.itjust.worksM to Cybersecurity@sh.itjust.worksEnglish · 9 months agomessage-square3fedilink
minus-squareHubertManne@kbin.sociallinkfedilinkarrow-up14·9 months agoand remediated if using the latest version or latest version of things using it.
minus-squarem-p{3}@lemmy.calinkfedilinkEnglisharrow-up10·9 months agoI’d consider the ecdsa-sha2-nistp521 private keys used with those versions as compromised, and suggest generating new private keys asap.
minus-squareledslinkfedilinkEnglisharrow-up3·9 months agoDoes anyone know if the new versions of putty (or applications using putty likeTortoiseGIT) will warn users about this?
and remediated if using the latest version or latest version of things using it.
I’d consider the
ecdsa-sha2-nistp521private keys used with those versions as compromised, and suggest generating new private keys asap.Does anyone know if the new versions of putty (or applications using putty likeTortoiseGIT) will warn users about this?