Tor 0.2.0.28, and probably 0.2.0.34 and previous versions, allows remote attackers, with control of an entry router and an exit router, to confirm that a sender and receiver are communicating via vectors involving (1) replaying, (2) modifying, (3) inserting, or (4) deleting a single cell, and then observing cell recognition errors at the exit router. NOTE: the vendor disputes the significance of this issue, noting that the product's design "accepted end-to-end correlation as an attack that is too expensive to solve."
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
tor tor 0.2.0.32 |
||
tor tor 0.2.0.15 |
||
tor tor 0.2.0.14 |
||
tor tor 0.2.0.21 |
||
tor tor 0.2.0.20 |
||
tor tor 0.2.0.4 |
||
tor tor 0.2.0.5 |
||
tor tor |
||
tor tor 0.2.0.22 |
||
tor tor 0.2.0.23 |
||
tor tor 0.2.0.29 |
||
tor tor 0.2.0.30 |
||
tor tor 0.2.0.7 |
||
tor tor 0.2.0.6 |
||
tor tor 0.2.0.13 |
||
tor tor 0.2.0.12 |
||
tor tor 0.2.0.11 |
||
tor tor 0.2.0.28 |
||
tor tor 0.2.0.24 |
||
tor tor 0.2.0.27 |
||
tor tor 0.2.0.16 |
||
tor tor 0.2.0.19 |
||
tor tor 0.2.0.9 |
||
tor tor 0.2.0.10 |
||
tor tor 0.2.0.2 |
||
tor tor 0.2.0.31 |
||
tor tor 0.2.0.25 |
||
tor tor 0.2.0.26 |
||
tor tor 0.2.0.17 |
||
tor tor 0.2.0.18 |
||
tor tor 0.2.0.8 |
||
tor tor 0.2.0.1 |
||
tor tor 0.2.0.3 |