[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #5775 [- Select a component]: excito B3 tor webinterface is vulnerable to CSRF attacks

To: undisclosed-recipients:;
Subject: [tor-bugs] #5775 [- Select a component]: excito B3 tor webinterface is vulnerable to CSRF attacks
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Sat, 05 May 2012 11:29:36 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 05 May 2012 07:29:47 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: Tor bug tracker status mails <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#5775: excito B3 tor webinterface is vulnerable to CSRF attacks
----------------------------------+-----------------------------------------
 Reporter:  cypherpunks           |          Owner:     
     Type:  defect                |         Status:  new
 Priority:  normal                |      Milestone:     
Component:  - Select a component  |        Version:     
 Keywords:                        |         Parent:     
   Points:                        |   Actualpoints:     
----------------------------------+-----------------------------------------
 The excito B3 webinterface (v2.4.1.1) is vulnerable to CSRF attacks (HTTP
 POST only).
 This is likely not specific to the tor administration webinterface but
 also affects tor.

 An attacker could exploit this vulnerability to enable/disable/configure
 tor on the B3 if the victim browses the web while being logged in on the
 B3 device.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5775>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #5775 [- Select a component]: excito B3 tor webinterface is vulnerable to CSRF attacks
  - From: Tor Bug Tracker & Wiki

Prev by Author: [tor-bugs] #5774 [- Select a component]: excito B3 webinterface: DirPort == ORPort allowed
Next by Author: Re: [tor-bugs] #5761 [TorBrowserButton]: Decide if it's safe to pass the Dooble around the Tor Community
Previous by thread: Re: [tor-bugs] #5774 [- Select a component]: excito B3 webinterface: DirPort == ORPort allowed
Next by thread: Re: [tor-bugs] #5775 [- Select a component]: excito B3 tor webinterface is vulnerable to CSRF attacks
Index(es):
- Author
- Thread