[tor-bugs] #22268 [Core Tor/Tor]: TROVE-2017-003: Impersonation of a single fallback directory mirror
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue May 16 12:47:15 UTC 2017
#22268: TROVE-2017-003: Impersonation of a single fallback directory mirror
--------------------------+------------------------------------
Reporter: teor | Owner:
Type: defect | Status: closed
Priority: Medium | Milestone: Tor: 0.3.1.x-final
Component: Core Tor/Tor | Version:
Severity: Major | Resolution: implemented
Keywords: fallback | Actual Points:
Parent ID: #21564 | Points: 0.1
Reviewer: | Sponsor:
--------------------------+------------------------------------
Changes (by nickm):
* status: new => closed
* resolution: => implemented
Comment:
The impact here is that whoever currently controls the IP and keys will
enumerate the IP addresses of about 0.7% of the users connecting to the
network for the first time. They won't get to see any user traffic or
user activity. I think this should be classified as "low severity",
though I think our security policy may need clarification on the point.
Teor, I believe that this IP got removed as a fallback as I merged your
fallbacks-201705-028 branch. Please let me know if that's not the case.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22268#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list