Re: [tor-bugs] #20623 [Applications/Tor Browser]: TBB 6.0.5 DomainIsolator does not generate unique nonce paswords for socksauth

["Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>]

#20623: TBB 6.0.5 DomainIsolator does not generate unique nonce paswords for
socksauth
-------------------------------------------------+-------------------------
 Reporter:  entr0py                              |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:  closed
 Priority:  Very High                            |      Milestone:
Component:  Applications/Tor Browser             |        Version:  Tor:
                                                 |  0.2.8.9
 Severity:  Major                                |     Resolution:  invalid
 Keywords:  socksauth first-party base-url       |  Actual Points:
  domain                                         |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by yawning):

 * status:  new => closed
 * resolution:   => invalid


Comment:

 So?  Features get merged into alpha, and rarely if ever get backported,
 and this was a new feature that happened to get merged into 6.5a (#19206).

 The fact that the password component doesn't change is irrelevant as long
 as `NEWNYM` is being sent anyway, since all existing circuits (with
 colliding identifiers) will not be used for further traffic.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20623#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs