Comments (5)
[...] As far as I can tell based on the information that has been released this means that using KiTTY without a mitigation patch will allow for this attack even if the SSH server has been patched.
This is somewhat true - one way to partially mitigate this is to go into Connection > SSH > Cipher and move "ChaCha20 (SSH-2 only)" below "-- warn below here --" (be sure to save this in the Default Settings and any other saved sessions). This prevents the use of one of the vulnerable ciphers without warning. As a limitation inherited from PuTTY, the other vulnerable cipher is bundled with other non-vulnerable ones under "AES (SSH-2 only)", and KiTTY can't be configured to warn before using it without also warning before using non-vulnerable ciphers.
Even if you do move both below the warning threshold, running the Terrapin scanner will still produce a positive, as the vulnerable ciphers are still enabled and strict key exchange is unsupported.
Judging by the fact that KiTTY is advertised as "a fork from version 0.76 of PuTTY", and doesn't appear to have incorporated upstream commits since that version (seeing as PuTTY has released 0.77, 0.78, 0.79, and now 0.80), I'm starting to consider moving back to PuTTY myself.
from kitty.
I hope I don't have to go back to putty, but security is more important than usability
from kitty.
Related Issues (20)
- download executables mixed up?
- Feature: mDNS service discovery
- Issue with Multi Tab Putty HOT 1
- Make prompt for "Allow far2l clipboard sync?" optional.
- Different interface between Win10 and Win11 HOT 5
- [Feature request]Please provide an installer with silent options
- Can the autoreconnect feature be added to the command line parameters? HOT 3
- [Feature request] "New duplicated session..." with default Host Name
- How do I change 16 sessions for displaying opened sessions horizontally to just 3 sessions ?
- Kageant: Cannot get rid of bogus "Couldn't load this key" popup HOT 1
- UTF-8 encoded `Windows Title` is not decoded properly HOT 3
- How to adjust the space between lines?
- Buffer Overflow Vulnerabilities in KiTTY Start Duplicated Session Hostname (CVE-2024-25003) & Username (CVE-2024-25004) Variables
- Command Injection Vulnerability in KiTTY Get Remote File Through SCP Input (CVE-2024-23749)
- Is this project dead? Search for alternatives HOT 14
- [HELP] Is there a way to store auto-login username and password PER SESSION / per IP adress? HOT 2
- DetachedCertificate supported in Putty but not in Kitty HOT 1
- I can't see the option 'Wam before OSC52 clipboard sync' on low resolution display?
- CVE-2024-31497: Secret Key Recovery of NIST P-521 Private Keys Through Biased ECDSA Nonces in PuTTY Client HOT 8
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from kitty.