[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #20623 [Applications/Tor Browser]: TBB 6.0.5 DomainIsolator does not generate unique nonce paswords for socksauth
#20623: TBB 6.0.5 DomainIsolator does not generate unique nonce paswords for
socksauth
-------------------------------------------------+-------------------------
Reporter: entr0py | Owner: tbb-
| team
Type: defect | Status:
| reopened
Priority: Very High | Milestone:
Component: Applications/Tor Browser | Version: Tor:
| 0.2.8.9
Severity: Major | Resolution:
Keywords: socksauth first-party base-url | Actual Points:
domain |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Changes (by adrelanos):
* cc: adrelanos (added)
* status: closed => reopened
* resolution: invalid =>
Comment:
The random socks user name was implemented in 4.5 stable already.
source: https://blog.torproject.org/blog/tor-browser-45-released
> Bug #3455: Use SOCKS user+pass to isolate all requests from the same url
domain
Are you sure the password / random string is really irrelevant? If so, why
was it implemented?
Overview:
- {{{4.5}}}: stable: should work (first stable where this was implemented)
(untested)
- {{{6.0.5}}}: broken
- {{{6.5a3}}}: working
We changelogs between {{{6.0.5}}} and {{{6.5a3}}} do not indicate any
related changes.
So I think this is a valid bug report against {{{6.0.5}}}. If it randomly
works in one version but not in a later version, I also think this is a
good item for unit testing.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20623#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs