Hello Martin & WinSCP Support,
We were contacted by our security resources about this bug found specifically in PuTTY, but also affected is WinSCP:
https://bugzilla.redhat.com/show_bug.cgi?id=2275183
### Affected Products
- PuTTY 0.68 - 0.80
The following (not necessarily complete) list of products bundle an
affected PuTTY version and are therefore vulnerable as well:
- FileZilla 3.24.1 - 3.66.5
- WinSCP 5.9.5 - 6.3.2
- TortoiseGit 2.4.0.2 - 2.15.0
- TortoiseSVN 1.10.0 - 1.14.6
We actually have a system where we've created SSH keys with PuTTY, that is version 5.9.4 (WinSCP), so it's outside of the affected range 5.9.5 – 6.3.2.
For SSH keys (I believe we always use RSA type, and always with a passphrase attached), do we have any concern, if they were created with a WinSCP version 5.9.4 version?
Thank you,
Joe P.