[tor-bugs] #22740 [Core Tor/Tor]: vulnerability allows you to access not-specified port from tor client

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Jun 28 00:55:19 UTC 2017


#22740: vulnerability allows you to access not-specified port from tor client
------------------------------+-----------------
     Reporter:  cypherpunks   |      Owner:
         Type:  defect        |     Status:  new
     Priority:  Immediate     |  Milestone:
    Component:  Core Tor/Tor  |    Version:
     Severity:  Critical      |   Keywords:
Actual Points:                |  Parent ID:
       Points:                |   Reviewer:
      Sponsor:                |
------------------------------+-----------------
 null-byte.wonderhowto.com/how-to/hack-tor-hidden-services-0166673/

 If I have "Hiddenservice 80 127.0.0.1:80" only, I expect
 no one access to not-80 ports. Isn't this a vulnerability?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22740>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list