Design/Logic Flaw

2011-12-2303:59:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

43.0%

JSON

Tor before 0.2.2.34, when configured as a client or bridge, sends a TLS certificate chain as part of an outgoing OR connection, which allows remote relays to bypass intended anonymity properties by reading this chain and then determining the set of entry guards that the client or bridge had selected.

CPENameOperatorVersion
toreq0.2.1.1.14
toreq0.2.1.10 alpha
toreq0.2.2.17 alpha
toreq0.1.1.6
toreq0.2.1.26
toreq0.1.1.2 alpha
toreq0.2.1.1.4 alpha
toreq0.2.1.1.1 alpha
toreq0.1.1.9
toreq0.0.6.2

Name	Operator	Version
tor	eq	0.2.1.1.14
tor	eq	0.2.1.10 alpha
tor	eq	0.2.2.17 alpha
tor	eq	0.1.1.6
tor	eq	0.2.1.26
tor	eq	0.1.1.2 alpha
tor	eq	0.2.1.1.4 alpha
tor	eq	0.2.1.1.1 alpha
tor	eq	0.1.1.9
tor	eq	0.0.6.2