Download: Stable · Snapshot | Docs | Changes | Wishlist
Some development snapshot versions of PuTTY have a vulnerability allowing a man-in-the-middle attacker to compromise (view and modify) SSH sessions, silently in some circumstances. No release version of PuTTY is affected by this bug, including 0.70. Only development snapshot builds from us dated 2019, before 2019-02-11, are affected.
The bug affects DSA signature checking; in vulnerable versions, there is a fixed signature that an attacker can present which will always pass a signature check regardless of anything else. (See the Fixed-in commit message for the precise details.) Other signature algorithms (including ECDSA and Ed25519) are not affected.
The main impact of this is on the use of DSA ("ssh-dss") format host keys. The precise effect of this depends on the existing contents of the client's host key cache.
If your PuTTY installation has no DSA host keys cached (on Windows you can check this by inspecting the Registry), and you're sure you haven't been prompted for one while using a vulnerable snapshot of PuTTY, then you are probably fine. (To reiterate: if you have only used released versions of PuTTY, then you are definitely fine.)
If the client (or user) insists on public-key user authentication (even with a DSA user key), this vulnerability is somewhat mitigated; the man-in-the-middle cannot gain access to the server (as they don't have access to the user's private key), although they can still pretend to be the server to the user using any prior knowledge of the server they may have.
This vulnerability was found by Filipe Casal, as part of a bug bounty programme run under the auspices of the EU-FOSSA project. Since it only affected pre-release code, we disclosed the fix immediately.