tor/changes/trove-2017-009
2017-11-30 11:52:40 -05:00

11 lines
534 B
Plaintext

o Major bugfixes (security):
- When checking for replays in the INTRODUCE1 cell data for a (legacy)
hiddden service, correctly detect replays in the RSA-encrypted part of
the cell. We were previously checking for replays on the entire cell,
but those can be circumvented due to the malleability of Tor's legacy
hybrid encryption. This fix helps prevent a traffic confirmation
attack. Fixes bug 24244; bugfix on 0.2.4.1-alpha. This issue is also
tracked as TROVE-2017-009 and CVE-2017-8819.