Cypherpunks

**Name of the Vulnerable Software and Affected Versions** Tor versions 0.4.1.8 and 0.4.2.x through 0.4.2.6 **Description** The daemon in Tor does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote attackers to discover circuit information. The network team of Tor claims this is an intended behavior and not a vulnerability. **Recommendations** For Tor versions 0.4.1.8, consider updating to a version where this behavior is addressed, if available. For Tor versions 0.4.2.x through 0.4.2.6, consider updating to a version where this behavior is addressed, if available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.