PuTTY vulnerability update

Posted: Sun Nov 08, 2015 1:39 pm
by Zancarius
http://www.chiark.greenend.org.uk/~sgta ... rflow.html

I know some of you probably use PuTTY. Posting this because it may be of interest.

In short, to become a victim of such an attack, you would need to connect to a malicious server (or one controlled by an attacker) for this vulnerability to work. However, it's still a good idea to update.

I have no idea if this includes support for ECDSA or ED25519 keys. I'll check when I next boot over to Windows.

Related but not to PuTTY: If you're using public key authentication, you should also consider expiring or phasing out DSA keys due to recent vulnerabilities found in the DSA algorithm. If you're using RSA keys with a minimum strength of 2048, you should be okay. Neither ECDSA nor ED25519 are affected.
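
One way to act on the key advice in the post above, as an added example that is not part of the original post: a small audit that reads OpenSSH `authorized_keys`-style lines, decodes each key blob, and flags DSA keys and RSA keys under 2048 bits. The function names and the sample keys are assumptions made for this example; the sample keys are constructed and non-functional.

```python
import base64

MIN_RSA_BITS = 2048  # threshold stated in the post
KEY_TYPES = {"ssh-dss", "ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

def read_string(blob, off):
    """Read one length-prefixed SSH wire string; return (bytes, next offset)."""
    size = int.from_bytes(blob[off:off + 4], "big")
    data = blob[off + 4:off + 4 + size]
    if len(blob) < off + 4 or len(data) != size:
        raise ValueError("truncated key blob")
    return data, off + 4 + size

def audit_line(line):
    """Return (verdict, detail) for one authorized_keys line."""
    fields = line.split()
    # Options may precede the key type; find the first exact key-type token.
    idx = next((i for i, f in enumerate(fields) if f in KEY_TYPES), None)
    if line.lstrip().startswith("#") or idx is None or idx + 1 >= len(fields):
        return ("skip", "no key on this line")
    ktype = fields[idx]
    try:
        blob = base64.b64decode(fields[idx + 1], validate=True)
        name, off = read_string(blob, 0)
        if name != ktype.encode():
            raise ValueError("declared type does not match key blob")
        if ktype == "ssh-dss":
            return ("replace", "DSA key")
        if ktype == "ssh-rsa":
            _exponent, off = read_string(blob, off)
            modulus, off = read_string(blob, off)
            bits = int.from_bytes(modulus, "big").bit_length()
            return ("ok" if bits >= MIN_RSA_BITS else "weak", f"RSA {bits} bits")
        return ("ok", ktype)
    except ValueError as exc:  # also covers invalid base64 (binascii.Error)
        return ("error", str(exc))

def constructed_key(ktype, *ints):
    """Build a syntactically valid but non-functional key line (demo input only)."""
    def s(b): return len(b).to_bytes(4, "big") + b
    blob = s(ktype.encode()) + b"".join(
        s(v.to_bytes(v.bit_length() // 8 + 1, "big")) for v in ints)
    return f"{ktype} {base64.b64encode(blob).decode()} constructed@example"

if __name__ == "__main__":
    for bits in (1024, 2048):
        print(audit_line(constructed_key("ssh-rsa", 65537, (1 << (bits - 1)) | 1)))
    print(audit_line(constructed_key("ssh-dss", 7, 5, 3, 2)))
```

The RSA size is read from the modulus inside the key blob rather than from the comment field, so a mislabelled key is still measured correctly.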