PT-2010-2166 · Tor · Tor
Roger Dingledine
·
Published
2010-01-25
·
Updated
2010-02-05
·
CVE-2010-0383
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Tor versions prior to 0.2.1.22
Tor versions 0.2.2.x prior to 0.2.2.7-alpha
Description
The issue makes it easier for man-in-the-middle attackers to compromise the anonymity of traffic sources and destinations due to the use of deprecated identity keys for certain directory authorities.
Recommendations
For Tor versions prior to 0.2.1.22, update to version 0.2.1.22 or later.
For Tor versions 0.2.2.x prior to 0.2.2.7-alpha, update to version 0.2.2.7-alpha or later.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tor