[tor-bugs] #12268 [Ooni]: Issue A. CSRF Token Not Compared in Constant Time .
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Jun 11 16:35:12 UTC 2014
#12268: Issue A. CSRF Token Not Compared in Constant Time .
-------------------------+---------------------
Reporter: hellais | Owner: hellais
Type: defect | Status: closed
Priority: normal | Milestone:
Component: Ooni | Version:
Resolution: fixed | Keywords:
Actual Points: | Parent ID:
Points: |
-------------------------+---------------------
Changes (by hellais):
* status: new => closed
* resolution: => fixed
Comment:
At 2014-05-05 13:06:02 Arturo Filastò wrote:
This issue applies to the currently unused and still under development
component called oonid.
At 2014-05-12 18:37:47 Taylor Hornby wrote:
Even though `oonid` is still under development and should not be used, a
curious user may make themselves vulnerable by mistake. I recommend
applying a patch that prevents `oonid` from running, or at least prints a
warning when it is run.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12268#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list