|
Tor Cryptographic Handshake Vulnerability
|
|
Secunia Advisory:
|
SA16424
|
|
|
Release Date:
|
2005-08-19
|
|
Last Update:
|
2005-08-25
|
|
Popularity:
|
7,250 views
|
|
|
Critical:
|
Less critical
|
|
Impact:
|
Manipulation of data
Exposure of sensitive information
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Tor 0.1.0.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
| CVE reference: | CVE-2005-2643
|
|
Description:
Roger Dingledine has reported a vulnerability in Tor, which potentially can be exploited by malicious people to disclose or modify certain sensitive information.
The vulnerability is caused due to the Tor client failing to reject certain weak keys when performing a Diffie-Hellman handshake. This can potentially be exploited by the first Tor server in the path to disclose all keys the client negotiates for the rest of the path and then read or modify all client traffic.
The vulnerability has been reported in versions 0.1.0.13 and prior.
Solution:
Update to version 0.1.0.14.
http://tor.eff.org/download.html
Provided and/or discovered by:
Roger Dingledine
Changelog:
2005-08-22: Added CVE reference.
2005-08-25: Updated advisory.
Original Advisory:
http://archives.seul.org/or/announce/Aug-2005/msg00002.html
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
