[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #20623 [Applications/Tor Browser]: TBB 6.0.5 DomainIsolator does not generate unique nonce paswords for socksauth

Subject: [tor-bugs] #20623 [Applications/Tor Browser]: TBB 6.0.5 DomainIsolator does not generate unique nonce paswords for socksauth
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Thu, 10 Nov 2016 02:56:26 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 09 Nov 2016 21:56:38 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#20623: TBB 6.0.5 DomainIsolator does not generate unique nonce paswords for
socksauth
-------------------------------------+-------------------------------------
     Reporter:  entr0py              |      Owner:  tbb-team
         Type:  defect               |     Status:  new
     Priority:  Very High            |  Milestone:
    Component:  Applications/Tor     |    Version:  Tor: 0.2.8.9
  Browser                            |   Keywords:  socksauth first-party
     Severity:  Major                |  base-url domain
Actual Points:                       |  Parent ID:
       Points:                       |   Reviewer:
      Sponsor:                       |
-------------------------------------+-------------------------------------
 TBB 6.0.5 under Debian-8 with Isolating Proxy (Whonix)

 SocksAuth viewed in Browser Console with torbutton.loglevel=3 shows
 <domain>:0 for all domains. Password=0 persists even after issuing newnym
 (via `New Identity`).

 TBB 6.5a3 & TBB 6.5a3-hardened do not exhibit this behavior. These
 browsers generate unique nonce passwords for separate domains, which are
 re-generated when newnym is issued.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20623>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #20623 [Applications/Tor Browser]: TBB 6.0.5 DomainIsolator does not generate unique nonce paswords for socksauth
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #20623 [Applications/Tor Browser]: TBB 6.0.5 DomainIsolator does not generate unique nonce paswords for socksauth
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #20623 [Applications/Tor Browser]: TBB 6.0.5 DomainIsolator does not generate unique nonce paswords for socksauth
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #20623 [Applications/Tor Browser]: TBB 6.0.5 DomainIsolator does not generate unique nonce paswords for socksauth
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #20623 [Applications/Tor Browser]: TBB 6.0.5 DomainIsolator does not generate unique nonce paswords for socksauth
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #20585 [Applications/Tor Browser]: HTTPS Everywhere is not working in Tor Browser nightly
Next by Author: Re: [tor-bugs] #3967 [Applications/Torbutton]: new identity feature could support ControlSocket
Previous by thread: Re: [tor-bugs] #20340 [Core Tor/Tor]: nice to have: test torrc for incompatible transistions of config values
Next by thread: Re: [tor-bugs] #20623 [Applications/Tor Browser]: TBB 6.0.5 DomainIsolator does not generate unique nonce paswords for socksauth
Index(es):
- Author
- Thread