Closed numericOverflow closed 5 months ago
No, it does not appear so. When using KeeAgent in "agent" mode, KeeAgent is using the RandomDsaKCalculator class from the BouncyCastle crypto library to generate the k value when signing requests using an ECDSA key. It is not using any code from PuTTY/Pagent for this.
KeeAgent can be used in "client" mode where an affected version Pageant can be used as the SSH agent. But signing requests are not going through KeeAgent in this case, but directly to Pagent. So users of KeeAgent could be affected in this way, but only Pagent needs to be updated in this case.
Awesome, I was hoping that would be the case!
Does Keeagent have this vulnerability?