8 matches found
Denial of Service in Onionshare
Between September 26, 2021 and October 8, 2021, Radically Open Security conducted a penetration test of OnionShare 2.4, funded by the Open Technology Fund's Red Team lab. - Vulnerability ID: OTF-012 - Vulnerability type: Denial of Service - Threat level: Moderate Description: The receive mode...
GHSA-JH82-C5JW-PXPC Denial of Service in Onionshare
Between September 26, 2021 and October 8, 2021, Radically Open Security conducted a penetration test of OnionShare 2.4, funded by the Open Technology Fund's Red Team lab. - Vulnerability ID: OTF-012 - Vulnerability type: Denial of Service - Threat level: Moderate Description: The receive mode...
OTF-001: Improper Input Sanitation: The path parameter of the requested URL is not sanitized before being passed to the QT frontend
Between September 26, 2021 and October 8, 2021, Radically Open Security conducted a penetration test of OnionShare 2.4, funded by the Open Technology Fund's Red Team lab. This is an issue from that penetration test. - Vulnerability ID: OTF-001 - Vulnerability type: Improper Input Sanitization -...
GHSA-W9M4-7W72-R766 Improper Access Control in Onionshare
Between September 26, 2021 and October 8, 2021, Radically Open Security conducted a penetration test of OnionShare 2.4, funded by the Open Technology Fund's Red Team lab. This is an issue from that penetration test. - Vulnerability ID: OTF-004 - Vulnerability type: Improper Access Control - Threa...
Improper Access Control in Onionshare
Between September 26, 2021 and October 8, 2021, Radically Open Security conducted a penetration test of OnionShare 2.4, funded by the Open Technology Fund's Red Team lab. This is an issue from that penetration test. - Vulnerability ID: OTF-009 - Vulnerability type: Improper Access Control - Threa...
Username spoofing in OnionShare
Between September 26, 2021 and October 8, 2021, Radically Open Security conducted a penetration test of OnionShare 2.4, funded by the Open Technology Fund's Red Team lab. This is an issue from that penetration test. - Vulnerability ID: OTF-005 - Vulnerability type: Improper Input Sanitization -...
Tor Project Opens Bounty Program To All Researchers
The Tor Project announced today the launch of a public bug bounty program to encourage security researchers to privately report issues they find in the group’s software. Unlike its previous invite-only bounty program launched last year, this bounty program will be open to all bounty hunters throu...
Tor to Launch Bug Bounty Program in 2016
The Tor Project announced last week that it will launch a bug bounty program later this year to encourage security researchers to responsibly report issues they find in the software. Tor Browser and Tor Performance Developer Mike Perry announced the news during the “State of the Onion” address la...