The daemon in Tor up to and including 0.4.1.8 and 0.4.2.x up to and including 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote malicious users to discover circuit information. NOTE: The network team of Tor claims this is an intended behavior and not a vulnerability
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
torproject tor |