[tbb-bugs] #20623 [Applications/Tor Browser]: TBB 6.0.5 DomainIsolator does not generate unique nonce paswords for socksauth

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Nov 10 16:27:39 UTC 2016


#20623: TBB 6.0.5 DomainIsolator does not generate unique nonce paswords for
socksauth
-------------------------------------------------+-------------------------
 Reporter:  entr0py                              |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:
                                                 |  reopened
 Priority:  Very High                            |      Milestone:
Component:  Applications/Tor Browser             |        Version:  Tor:
                                                 |  0.2.8.9
 Severity:  Major                                |     Resolution:
 Keywords:  socksauth first-party base-url       |  Actual Points:
  domain                                         |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by adrelanos):

 * cc: adrelanos (added)
 * status:  closed => reopened
 * resolution:  invalid =>


Comment:

 The random socks user name was implemented in 4.5 stable already.

 source: https://blog.torproject.org/blog/tor-browser-45-released

 > Bug #3455: Use SOCKS user+pass to isolate all requests from the same url
 domain

 Are you sure the password / random string is really irrelevant? If so, why
 was it implemented?

 Overview:

 - {{{4.5}}}: stable: should work (first stable where this was implemented)
 (untested)
 - {{{6.0.5}}}: broken
 - {{{6.5a3}}}: working

 We changelogs between {{{6.0.5}}} and {{{6.5a3}}} do not indicate any
 related changes.

 So I think this is a valid bug report against {{{6.0.5}}}. If it randomly
 works in one version but not in a later version, I also think this is a
 good item for unit testing.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20623#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list