SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Tor Vendors:   tor.eff.org
Tor May Use Weak Diffie Hellman Keys
SecurityTracker Alert ID:  1014739
SecurityTracker URL:  http://securitytracker.com/id/1014739
CVE Reference:   CVE-2005-2643   (Links to External Site)
Updated:  Jun 8 2008
Original Entry Date:  Aug 19 2005
Impact:   Disclosure of authentication information, Disclosure of system information, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): stable versions up through 0.1.0.13 and experimental versions up through 0.1.1.4-alpha
Description:   A vulnerability was reported in Tor. A client can lose confidentiality and integrity for Tor-routed connections.

The Diffie Hellman (DH) implementation uses weak keys that are unsafe for DH handshakes. As a result, if a Tor client routes via a Tor server that is a malicious server and the malicious server is the first server, the malicious server can learn all of the keys negotiated for the remainder of the circuit. The server can also spoof the entire circuit. This allows the server to access the target user's traffic.

Impact:   A client can lose confidentiality and integrity for Tor-routed connections.
Solution:   The vendor has issued a fixed version (0.1.0.14 or 0.1.1.5-alpha).
Vendor URL:  tor.eff.org/ (Links to External Site)
Cause:   Randomization error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC