Citrix has issued a warning to its customers regarding a security flaw in the PuTTY SSH client that could potentially enable attackers to steal a XenCenter administrator’s private SSH key. The flaw, identified as CVE-2024-31497, impacts various versions of XenCenter for Citrix Hypervisor 8.2 CU1 LTSR which utilized PuTTY for SSH connections to guest virtual machines. However, it should be noted that PuTTY was deprecated in XenCenter version 8.2.6 and is no longer included in versions 8.2.7 and beyond.
The vulnerability arises from the code used to generate signatures from ECDSA private keys employing the NIST P521 curve, making it possible for an attacker to recover these private keys. The issue was discovered by researchers Fabian Bäumer and Marcus Brinkmann from Ruhr University in Bochum, who explained that the flaw is linked to the biased generation of ECDSA cryptographic nonces that could lead to the complete retrieval of the secret key.
Citrix recommends that customers who do not utilize the “Open SSH Console” feature should remove the PuTTY component, while those who wish to continue using this functionality are advised to update their PuTTY version to at least 0.81. It is crucial for users to take immediate action to address this vulnerability in order to prevent potential unauthorized access to sensitive information.
Affected products such as FileZilla, WinSCP, TurtleGit, and TurtleSVN, have also been impacted by this flaw with specific versions identified. The bug has been patched in PuTTY 0.81 and updates have been released for other affected software as well. Users are encouraged to configure their systems accordingly and revoke any compromised ECDSA NIST-P521 keys from authorized sources and repositories to mitigate the risk of exploitation.
Additionally, it is advisable to stay informed about security updates and follow credible sources for the latest information on potential threats or vulnerabilities. Customers are urged to maintain vigilance and take proactive steps to safeguard their systems against cybersecurity risks. It is essential to prioritize security measures and promptly address any identified vulnerabilities to reduce the likelihood of security breaches.
In conclusion, the security of digital systems is a critical aspect that requires continuous attention and diligence to ensure the protection of sensitive data and prevent unauthorized access. By following the recommended guidelines and promptly addressing security issues, customers can enhance their cybersecurity posture and minimize the risk of cyber threats. Stay informed, stay protected, and stay proactive in safeguarding your digital assets against emerging cyber risks.
Article Source
https://securityaffairs.com/162953/security/citrix-manually-update-putty-ssh-client.html