Important Notice: Security vulnerabilities of PuTTy (updated on 18 April 2024)
關於 PuTTy的安全漏洞通告 (更新於 2024年4月18日)
資訊安全警示 Information Security Alert
To: All Users
As informed by the Cybersecurity Incident Alert and Response Centre (CARIC), PuTTy recently issued security vulnerability about ECDSA private key. Attackers can exploit this vulnerability to restore the private key from signed messages and public key. When they have the private key, they can forge the signature and log in to any servers using that private key.
- Please update to PuTTy 0.80 later, FileZilla 3.66.5 later, WinSCP 6.3.2 later, TortoiseGit 2.15.0 later and TortoiseSVN 1.14.6 later.
For more details, please refer to:
https://bugzilla.redhat.com/show_bug.cgi?id=2275183
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html
Reference
- How to download and install software in a secure manner?
- Basic Knowledge of Online Safety and Security
- Other Information Security Tips
Should you have any enquiries, please feel free to contact ICTO Help Desk.
ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo
Information and Communication Technology Office
各位用戶:
資訊及通訊科技部接獲網絡安全事故預警及應急中心的通知,PuTTy近日發出有關於 ECDSA 私鑰的安全漏洞,攻擊者可利用這漏洞,從一些已簽名的訊息和公鑰還原出私鑰,當攻擊者取得私鑰,便能够偽造簽名,登入使用該私鑰的任何伺服器。
-
請更新至 PuTTy 0.80 之後版本, FileZilla 3.66.5 之後版本, WinSCP 6.3.2 之後版本, TortoiseGit 2.15.0之後版本 和 TortoiseSVN 1.14.6之後版本。
有關詳情可參考:
https://bugzilla.redhat.com/show_bug.cgi?id=2275183
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html
參考資料
如有任何疑問,請聯絡資訊及通訊科技部服務中心。
服 務 中 心
位置 : 中央教學樓東5座(E5)二樓2085室 (電子地圖)
電話 : 8822 8600
電郵 : icto.helpdesk@um.edu.mo
資訊及通訊科技部