5.1 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.005 Low
EPSS
Percentile
76.6%
Tor 0.2.0.28, and probably 0.2.0.34 and earlier, allows remote attackers,
with control of an entry router and an exit router, to confirm that a
sender and receiver are communicating via vectors involving (1) replaying,
(2) modifying, (3) inserting, or (4) deleting a single cell, and then
observing cell recognition errors at the exit router. NOTE: the vendor
disputes the significance of this issue, noting that the product’s design
“accepted end-to-end correlation as an attack that is too expensive to
solve.”