Citrix warns customers about the need to manually update the version of PuTTY installed in their XenCenter system.

Citrix is urging its customers to manually address a vulnerability in the SSH client PuTTY that could allow attackers to steal the SSH private key of a XenCenter administrator. In the XenCenter versions for Citrix Hypervisor 8.2 CU1 LTSR, PuTTY, a third-party component, was used to establish SSH connections with virtual machines. However, starting from XenCenter version 8.2.6, the use of PuTTY has been discontinued, and all versions released after 8.2.7 will no longer include this component. The vulnerability is tracked as CVE-2024-31497. It affects several versions of XenCenter for Citrix Hypervisor 8.2 CU1 LTSR in which PuTTY is present. The problem lies in the code responsible for generating signatures from ECDSA private keys that use the NIST P-521 curve. An attacker could exploit this vulnerability to recover NIST P-521 private keys.

“The problem was identified in PuTTY versions prior to 0.81; when this client is used in conjunction with XenCenter, it may, in some cases, allow an attacker controlling the virtual machine to determine the SSH key of the XenCenter administrator, who uses this key to authenticate to their guest machine via SSH,” reads the security notice. The company recommends that customers who do not intend to use the “Open SSH Console” feature remove the PuTTY component.

Users who intend to use this feature are advised to update the installed version of PuTTY on their XenCenter system to at least version 0.81. The vulnerability CVE-2024-31497 was identified by researchers Fabian Bäumer and Marcus Brinkmann of Ruhr University Bochum.

Bäumer explained that the vulnerability is caused by the generation of biased ECDSA cryptographic nonces, which could allow complete recovery of the secret key.

“The PuTTY client and all its associated components generate highly biased ECDSA nonce values in the case of NIST P-521. Specifically, the first 9 bits of each nonce value are equal to zero. This allows for the complete recovery of the secret key with just 60 signatures using modern methods. These signatures can either be collected by a malicious server (man-in-the-middle attacks are not possible, as clients do not transmit their signatures in plaintext), or obtained from other sources, such as signed commits in git through redirected agents,” Bäumer added.

“The nonce generation for other curves is also slightly biased. However, the bias is insignificant, and it is not enough to carry out lattice-based attacks for key recovery (in the absence of cryptographic breakthroughs),” he noted.

Products affected by the vulnerability

Below are the products that include the affected version of PuTTY and are therefore also vulnerable to this issue:

  • FileZilla (versions from 3.24.1 to 3.66.5)
  • WinSCP (5.9.5 – 6.3.2)
  • TortoiseGit (2.4.0.2 – 2.15.0)
  • TortoiseSVN (1.10.0 – 1.14.6)

The vulnerability was fixed in PuTTY 0.81, FileZilla 3.67.0, WinSCP 6.3.3, and TortoiseGit 2.15.0.1. TortoiseSVN users are advised to configure TortoiseSVN to use Plink from the latest version of PuTTY 0.81 when accessing the SVN repository via SSH until a patch is available. Any ECDSA NIST P-521 key used with a product or component affected by CVE-2024-31497 should be considered compromised. These keys should be revoked by removing them from authorized_keys, GitHub repositories, and other relevant platforms.
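
To support the revocation step above, the following Python script finds ecdsa-sha2-nistp521 entries in authorized_keys content and reports their SHA256 fingerprints for review. It is an added example, not code from Citrix, the PuTTY project or the original article; the function names and the sample file are constructed for illustration, and the sample key material is filler bytes.

```python
import base64
import hashlib
import struct

AFFECTED_PREFIX = "ecdsa-sha2-nistp521"  # also matches its OpenSSH certificate variant

def _ssh_string(data: bytes) -> bytes:
    # SSH wire format: uint32 big-endian length, then the bytes.
    return struct.pack(">I", len(data)) + data

def _blob_type(blob: bytes) -> str:
    # A public-key blob starts with its own key type as an SSH string.
    (n,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + n].decode("ascii")

def find_p521_keys(text: str):
    """Yield (line_no, fingerprint, comment) for each NIST P-521 key entry."""
    for line_no, line in enumerate(text.splitlines(), 1):
        tokens = line.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        # Options (which may contain spaces) can precede the key type; trust the blob.
        for i in range(len(tokens) - 1):
            try:
                blob = base64.b64decode(tokens[i + 1], validate=True)
                if _blob_type(blob) != tokens[i]:
                    continue
            except (ValueError, struct.error):
                continue
            if tokens[i].startswith(AFFECTED_PREFIX):
                digest = base64.b64encode(hashlib.sha256(blob).digest()).decode()
                yield line_no, "SHA256:" + digest.rstrip("="), " ".join(tokens[i + 2:])
            break

def _sample_line(key_type: str, fields, prefix="", comment=""):
    blob = b"".join(_ssh_string(f) for f in [key_type.encode(), *fields])
    return f"{prefix}{key_type} {base64.b64encode(blob).decode()} {comment}"

# Constructed sample file: the key material is filler bytes, not real keys.
SAMPLE = "\n".join([
    "# admin workstation keys",
    _sample_line("ssh-ed25519", [b"\x01" * 32], comment="alice@laptop"),
    _sample_line("ecdsa-sha2-nistp521", [b"nistp521", b"\x04" + b"\x02" * 132],
                 prefix='command="echo hi there",no-pty ', comment="xencenter-admin"),
])

if __name__ == "__main__":
    for line_no, fp, comment in find_p521_keys(SAMPLE):
        print(f"line {line_no}: review and revoke {fp} ({comment})")
```

The script flags every P-521 entry, so the reviewer still has to decide which of those keys were ever used with an affected PuTTY-based client.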

Pierluigi Paganini (SecurityAffairs - hacking, Citrix)