[tor-bugs] #5775 [- Select a component]: excito B3 tor webinterface is vulnerable to CSRF attacks
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Sat May 5 11:29:36 UTC 2012
#5775: excito B3 tor webinterface is vulnerable to CSRF attacks
----------------------------------+-----------------------------------------
Reporter: cypherpunks | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: - Select a component | Version:
Keywords: | Parent:
Points: | Actualpoints:
----------------------------------+-----------------------------------------
The excito B3 webinterface (v2.4.1.1) is vulnerable to CSRF attacks (HTTP
POST only).
This is likely not specific to the tor administration webinterface but
also affects tor.
An attacker could exploit this vulnerability to enable/disable/configure
tor on the B3 if the victim browses the web while being logged in on the
B3 device.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5775>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list