Computer Security
[EN] securityvulns.ru
no-pyccku

  

CVECVE-2011-2768
StatusCandidate
DescriptionTor before 0.2.2.34, when configured as a client or bridge, sends a TLS certificate chain as part of an outgoing OR connection, which allows remote relays to bypass intended anonymity properties by reading this chain and then determining the set of entry guards that the client or bridge had selected.
Severity
Medium
CVSS score5,8
CVSS vector(AV:N/AC:M/Au:N/C:P/I:P/A:N)
PhaseAssigned (19.07.2011)
NVD:http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2768
ReferencesDEBIAN : DSA-2331
 CONFIRM : https://blog.torproject.org/blog/tor-02234-release...
SecurityVulns:tor information discosure
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 



Rating@Mail.ru