TGTGInsighttelegram intelligenceLIVE / telegram public index
← exploit.org
View original
exploit.org avatar

TGINSIGHT POST

Post #37

@exploitorg

exploit.org

Views5,700Post view count
PostedApr 1604/16/2024, 04:10 PM
Post content

Post content

⚠️PuTTY CVE-2024-31497⚠️ 📰Brief: attacker can gain access to private key with public key and some signed messages on hand via forged identification signature of legitimate user. Signed messages may be publicly visible due to storage in public Git. 🚩Possibilities: login into any servers key was used in, supply chain attacks software maintained git, etc. 📗Affected versions: 0.80 and prior. 📚Full description:https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html