April 18, 2024 at 04:56AM

Zero-Day in SSH client ‘PuTTY’ assigned CVE-2024-31497 (account takeover via key guessing).

Widely-Used PuTTY SSH Client Found Vulnerable to Key Recovery Attack

The maintainers of the PuTTY Secure Shell (SSH) and Telnet client are alerting users of a critical vulnerability impacting versions from 0.68 through 0.80 that could be exploited to achieve full recovery of NIST P-521 (ecdsa-sha2-nistp521) private keys.

https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html

https://nvd.nist.gov/vuln/detail/CVE-2024-31497

https://thehackernews.com/2024/04/widely-used-putty-ssh-client-found.html

https://t.me/cKure/13871
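To find which keys the notice above concerns, the following added example (not part of the original post and not PuTTY project code) inventories `ecdsa-sha2-nistp521` entries in `authorized_keys`-format text and confirms the type against the name embedded in the key blob. The function names and the sample input are constructed for illustration. A hit only means the key is of the affected type, since the file does not record which client used it.

```python
import base64
import binascii
import struct

TARGET = "ecdsa-sha2-nistp521"  # key type named in the advisory text above

def blob_key_type(b64):
    """Return the algorithm name embedded in an SSH public-key blob, or None."""
    try:
        blob = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError):
        return None
    n = int.from_bytes(blob[:4], "big")  # length prefix of the first string
    if len(blob) < 4 or n > len(blob) - 4:
        return None
    return blob[4:4 + n].decode("ascii", "replace")

def find_p521_keys(text):
    """Return (line_number, comment) for each P-521 entry in authorized_keys text."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        tokens = line.split()
        # Options may precede the key type, so search rather than assume index 0.
        for i, tok in enumerate(tokens[:-1]):
            if tok == TARGET and blob_key_type(tokens[i + 1]) == TARGET:
                hits.append((lineno, " ".join(tokens[i + 2:])))
                break
    return hits

def _fake_blob(name, curve=b"nistp521"):
    """Build a constructed, non-functional key blob for the demo input."""
    parts = [name.encode(), curve, b"\x04" + bytes(132)]
    raw = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return base64.b64encode(raw).decode()

SAMPLE = "\n".join([
    "# constructed sample, not real keys",
    f"ecdsa-sha2-nistp521 {_fake_blob('ecdsa-sha2-nistp521')} alice@laptop",
    f"ssh-ed25519 {_fake_blob('ssh-ed25519', b'x')} bob@desktop",
    f'command="echo ecdsa-sha2-nistp521 x" ssh-ed25519 {_fake_blob("ssh-ed25519", b"x")} ci',
    f'no-pty,command="echo hi" ecdsa-sha2-nistp521 {_fake_blob("ecdsa-sha2-nistp521")} carol@ws',
])

if __name__ == "__main__":
    for lineno, comment in find_p521_keys(SAMPLE):
        print(f"line {lineno}: {TARGET} key ({comment or 'no comment'})")
```

The fourth sample line mentions the key type only inside a `command=` option and is correctly ignored, because the token after it does not decode to a matching key blob.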