[tor-bugs] #5676 [EFF-HTTPS Everywhere]: HTTPS rewriting is bypassed if DNS root is explicitly specified
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Thu Apr 26 21:28:32 UTC 2012
#5676: HTTPS rewriting is bypassed if DNS root is explicitly specified
----------------------------------+-----------------------------------------
Reporter: NYKevin | Owner: pde
Type: defect | Status: new
Priority: critical | Milestone:
Component: EFF-HTTPS Everywhere | Version:
Keywords: | Parent:
Points: | Actualpoints:
----------------------------------+-----------------------------------------
Comment(by pde):
(it would allow an active attacker to perform Firesheep-style cookie
stealing accounts against sites that HTTPS Everywhere protects with
domain-wide redirects, if the ruleset does not also have a <securecookie>
directive)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5676#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list