Lucene search

MitreCVE-2006-3411

HistoryJul 07, 2006 - 12:05 a.m.

CVE-2006-3411

2006-07-0700:05:00

mitre

web.nvd.nist.gov

cve-2006-3411

tls handshake

tor

encryption keys

brute force attacks

nvd

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score

6.6

Confidence

Low

EPSS

0.007

Percentile

79.7%

JSON

TLS handshakes in Tor before 0.1.1.20 generate public-private keys based on TLS context rather than the connection, which makes it easier for remote attackers to conduct brute force attacks on the encryption keys.

Affected configurations

Nvd

Node

tortorMatch0.0.2

tortorMatch0.0.2_pre13

tortorMatch0.0.2_pre14

tortorMatch0.0.2_pre15

tortorMatch0.0.2_pre16

tortorMatch0.0.2_pre17

tortorMatch0.0.2_pre18

tortorMatch0.0.2_pre19

tortorMatch0.0.2_pre20

tortorMatch0.0.2_pre21

tortorMatch0.0.2_pre22

tortorMatch0.0.2_pre23

tortorMatch0.0.2_pre24

tortorMatch0.0.2_pre25

tortorMatch0.0.2_pre26

tortorMatch0.0.2_pre27

tortorMatch0.0.3

tortorMatch0.0.4

tortorMatch0.0.5

tortorMatch0.0.6

tortorMatch0.0.6.1

tortorMatch0.0.6.2

tortorMatch0.0.7

tortorMatch0.0.7.1

tortorMatch0.0.7.2

tortorMatch0.0.7.3

tortorMatch0.0.8

tortorMatch0.0.8.1

tortorMatch0.0.9

tortorMatch0.0.9.1

tortorMatch0.0.9.2

tortorMatch0.0.9.3

tortorMatch0.0.9.4

tortorMatch0.0.9.5

tortorMatch0.0.9.6

tortorMatch0.0.9.7

tortorMatch0.0.9.8

tortorMatch0.0.9.9

tortorMatch0.0.9.10

tortorMatch0.1.0.1

tortorMatch0.1.0.2

tortorMatch0.1.0.3

tortorMatch0.1.0.4

tortorMatch0.1.0.5

tortorMatch0.1.0.6

tortorMatch0.1.0.7

tortorMatch0.1.0.8

tortorMatch0.1.0.9

tortorMatch0.1.0.10

tortorMatch0.1.0.11

tortorMatch0.1.0.12

tortorMatch0.1.0.13

tortorMatch0.1.0.14

tortorMatch0.1.0.15

tortorMatch0.1.0.16

tortorMatch0.1.0.17

tortorMatch0.1.0.18

tortorMatch0.1.0.19

tortorMatch0.1.1.1_alpha

tortorMatch0.1.1.2_alpha

tortorMatch0.1.1.3_alpha

tortorMatch0.1.1.4_alpha

tortorMatch0.1.1.5_alpha

tortorMatch0.1.1.6_alpha

tortorMatch0.1.1.7_alpha

tortorMatch0.1.1.8_alpha

tortorMatch0.1.1.9_alpha

tortorMatch0.1.1.10_alpha

VendorProductVersionCPE
tortor0.0.2cpe:2.3:a:tor:tor:0.0.2:*:*:*:*:*:*:*
tortor0.0.2_pre13cpe:2.3:a:tor:tor:0.0.2_pre13:*:*:*:*:*:*:*
tortor0.0.2_pre14cpe:2.3:a:tor:tor:0.0.2_pre14:*:*:*:*:*:*:*
tortor0.0.2_pre15cpe:2.3:a:tor:tor:0.0.2_pre15:*:*:*:*:*:*:*
tortor0.0.2_pre16cpe:2.3:a:tor:tor:0.0.2_pre16:*:*:*:*:*:*:*
tortor0.0.2_pre17cpe:2.3:a:tor:tor:0.0.2_pre17:*:*:*:*:*:*:*
tortor0.0.2_pre18cpe:2.3:a:tor:tor:0.0.2_pre18:*:*:*:*:*:*:*
tortor0.0.2_pre19cpe:2.3:a:tor:tor:0.0.2_pre19:*:*:*:*:*:*:*
tortor0.0.2_pre20cpe:2.3:a:tor:tor:0.0.2_pre20:*:*:*:*:*:*:*
tortor0.0.2_pre21cpe:2.3:a:tor:tor:0.0.2_pre21:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tor	tor	0.0.2	cpe:2.3:a:tor:tor:0.0.2:::::::*
tor	tor	0.0.2_pre13	cpe:2.3:a:tor:tor:0.0.2_pre13:::::::*
tor	tor	0.0.2_pre14	cpe:2.3:a:tor:tor:0.0.2_pre14:::::::*
tor	tor	0.0.2_pre15	cpe:2.3:a:tor:tor:0.0.2_pre15:::::::*
tor	tor	0.0.2_pre16	cpe:2.3:a:tor:tor:0.0.2_pre16:::::::*
tor	tor	0.0.2_pre17	cpe:2.3:a:tor:tor:0.0.2_pre17:::::::*
tor	tor	0.0.2_pre18	cpe:2.3:a:tor:tor:0.0.2_pre18:::::::*
tor	tor	0.0.2_pre19	cpe:2.3:a:tor:tor:0.0.2_pre19:::::::*
tor	tor	0.0.2_pre20	cpe:2.3:a:tor:tor:0.0.2_pre20:::::::*
tor	tor	0.0.2_pre21	cpe:2.3:a:tor:tor:0.0.2_pre21:::::::*

Rows per page:

1-10 of 681

References

secunia.com/advisories/20514

security.gentoo.org/glsa/glsa-200606-04.xml

tor.eff.org/cvs/tor/ChangeLog

www.osvdb.org/25876

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score

6.6

Confidence

Low

EPSS

0.007

Percentile

79.7%

JSON

Related for CVE-2006-3411