PT-2005-3533 · Tor · Tor

Roger Dingledine

Published

2005-08-21

Updated

2016-10-18

CVE-2005-2643

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Tor versions 0.1.0.13 and earlier Tor experimental versions 0.1.1.4-alpha and earlier

Description The issue allows malicious Tor servers to obtain the keys that a client uses for other systems in the circuit when using ephemeral Diffie-Hellman (DH) handshakes, due to the failure to reject certain weak keys.

Recommendations For Tor versions 0.1.0.13 and earlier, update to a version that rejects weak keys in ephemeral Diffie-Hellman handshakes. For Tor experimental versions 0.1.1.4-alpha and earlier, update to a version that rejects weak keys in ephemeral Diffie-Hellman handshakes.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-2643

Affected Products

Tor

PT-2005-3533 · Tor · Tor

CVE-2005-2643

Related Identifiers

Affected Products

References · 8