[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #20623 [Applications/Tor Browser]: TBB 6.0.5 DomainIsolator does not generate unique nonce paswords for socksauth



#20623: TBB 6.0.5 DomainIsolator does not generate unique nonce paswords for
socksauth
-------------------------------------+-------------------------------------
     Reporter:  entr0py              |      Owner:  tbb-team
         Type:  defect               |     Status:  new
     Priority:  Very High            |  Milestone:
    Component:  Applications/Tor     |    Version:  Tor: 0.2.8.9
  Browser                            |   Keywords:  socksauth first-party
     Severity:  Major                |  base-url domain
Actual Points:                       |  Parent ID:
       Points:                       |   Reviewer:
      Sponsor:                       |
-------------------------------------+-------------------------------------
 TBB 6.0.5 under Debian-8 with Isolating Proxy (Whonix)

 SocksAuth viewed in Browser Console with torbutton.loglevel=3 shows
 <domain>:0 for all domains. Password=0 persists even after issuing newnym
 (via `New Identity`).

 TBB 6.5a3 & TBB 6.5a3-hardened do not exhibit this behavior. These
 browsers generate unique nonce passwords for separate domains, which are
 re-generated when newnym is issued.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20623>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs