[tor-bugs] #20623 [Applications/Tor Browser]: TBB 6.0.5 DomainIsolator does not generate unique nonce paswords for socksauth
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Nov 10 06:37:56 UTC 2016
#20623: TBB 6.0.5 DomainIsolator does not generate unique nonce paswords for
socksauth
-------------------------------------------------+-------------------------
Reporter: entr0py | Owner: tbb-
| team
Type: defect | Status: closed
Priority: Very High | Milestone:
Component: Applications/Tor Browser | Version: Tor:
| 0.2.8.9
Severity: Major | Resolution: invalid
Keywords: socksauth first-party base-url | Actual Points:
domain |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Changes (by yawning):
* status: new => closed
* resolution: => invalid
Comment:
So? Features get merged into alpha, and rarely if ever get backported,
and this was a new feature that happened to get merged into 6.5a (#19206).
The fact that the password component doesn't change is irrelevant as long
as `NEWNYM` is being sent anyway, since all existing circuits (with
colliding identifiers) will not be used for further traffic.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20623#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list