Important Notice: Security vulnerabilities of PuTTy (updated on 18 April 2024)

關於 PuTTy的安全漏洞通告 (更新於 2024年4月18日)

 2024-04-18     ICTO     Bulletin / 公告    (Expired/已過期)

To: All Users

As informed by the Cybersecurity Incident Alert and Response Centre (CARIC), PuTTy recently issued security vulnerability about ECDSA private key. Attackers can exploit this vulnerability to restore the private key from signed messages and public key. When they have the private key, they can forge the signature and log in to any servers using that private key.

  • Please update to PuTTy  0.80 later, FileZilla 3.66.5 later, WinSCP 6.3.2 later, TortoiseGit 2.15.0 later and TortoiseSVN 1.14.6 later.

For more details, please refer to:
https://bugzilla.redhat.com/show_bug.cgi?id=2275183
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html

Reference

Should you have any enquiries, please feel free to contact ICTO Help Desk.

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo

Information and Communication Technology Office

各位用戶:

資訊及通訊科技部接獲網絡安全事故預警及應急中心的通知,PuTTy近日發出有關於 ECDSA 私鑰的安全漏洞,攻擊者可利用這漏洞,從一些已簽名的訊息和公鑰還原出私鑰,當攻擊者取得私鑰,便能够偽造簽名,登入使用該私鑰的任何伺服器。

  • 請更新至 PuTTy  0.80 之後版本, FileZilla 3.66.5 之後版本, WinSCP 6.3.2 之後版本, TortoiseGit 2.15.0之後版本 和 TortoiseSVN 1.14.6之後版本。

有關詳情可參考:
https://bugzilla.redhat.com/show_bug.cgi?id=2275183
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html

參考資料

如有任何疑問,請聯絡資訊及通訊科技部服務中心。

服 務 中 心
位置 : 中央教學樓東5座(E5)二樓2085室 (電子地圖)
電話 : 8822 8600
電郵 : icto.helpdesk@um.edu.mo

資訊及通訊科技部