In order to connect to your cloud server, networking devices, ... PuTTY is one of the most widely used open-source SSH clients, so why is it vulnerable? I'll explain here what you can do.
What is PuTTY
PuTTY is one of the most widely used open-source SSH clients used to connect to Cloud server, Networking devices, and Virtual private servers. It can also allow users to remotely access computers over SSH, Telnet, Rlogin network protocols and remains a standard tool to connect with remote devices for a number of years. Let see why you must update it...
What is the problem?
The latest previous version released by PuTTY dated back 20 month ago. But this version and all previous versions of the PuTTY software have been found vulnerable to multiple security vulnerabilities. PuTTY announced this on their own website.
What are the risks ?
A malicious server or a compromised server can be used to hijack client's system in different ways.
- Authentication prompts can be spoofed by a malicious server
- Code Execution via CHM hijacking
- Buffer Overflow in Unix PuTTY Tools
- Cryptographic random numbers can occasionally be reused
- Integer overflow due to missing key-size check in RSA key exchange code
- Terminal DoS attacks
What is the solution ?
A new release (v0.71) of PuTTY client for Windows and Unix has been released and patched all these vulnerabilities.
You can download new version at this address: https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
If you don't have the time to patch all your Putty software or if you don't know how to start to find all the affected devices, we can help you. If you wish more information, we remain available.
