[tbb-bugs] #20623 [Applications/Tor Browser]: TBB 6.0.5 DomainIsolator does not generate unique nonce passwords for socksauth
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Nov 10 02:56:26 UTC 2016
#20623: TBB 6.0.5 DomainIsolator does not generate unique nonce passwords for socksauth
-------------------------------------+-------------------------------------
Reporter: entr0py | Owner: tbb-team
Type: defect | Status: new
Priority: Very High | Milestone:
Component: Applications/Tor Browser | Version: Tor: 0.2.8.9
Severity: Major | Keywords: socksauth first-party base-url domain
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
-------------------------------------+-------------------------------------
TBB 6.0.5 under Debian-8 with Isolating Proxy (Whonix)
SocksAuth viewed in Browser Console with torbutton.loglevel=3 shows
<domain>:0 for all domains. Password=0 persists even after issuing newnym
(via `New Identity`).
TBB 6.5a3 & TBB 6.5a3-hardened do not exhibit this behavior. These
browsers generate unique nonce passwords for separate domains, which are
re-generated when newnym is issued.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20623>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
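A check for the two properties the report compares between builds (a distinct SOCKS password per domain, and a new password after `New Identity`), as an added example that is not Torbutton code. The function names are hypothetical and the `<domain>:<password>` strings are constructed samples in the shape the report quotes from the Browser Console.

```javascript
// Added illustration, not Torbutton code. Inputs are constructed samples.

// Split "<domain>:<password>" on the last colon.
function parseCredential(entry) {
  const idx = entry.lastIndexOf(":");
  if (idx <= 0 || idx === entry.length - 1) {
    throw new Error(`not a domain:password pair: ${entry}`);
  }
  return [entry.slice(0, idx), entry.slice(idx + 1)];
}

// Passwords that more than one domain presents within a single snapshot.
function sharedPasswords(creds) {
  const byPassword = new Map();
  for (const [domain, password] of creds) {
    if (!byPassword.has(password)) byPassword.set(password, []);
    byPassword.get(password).push(domain);
  }
  return [...byPassword]
    .filter(([, domains]) => domains.length > 1)
    .map(([password, domains]) => ({ password, domains }));
}

// Compare credentials seen before and after New Identity (newnym).
function auditIsolation(beforeEntries, afterEntries) {
  const before = new Map(beforeEntries.map(parseCredential));
  const after = new Map(afterEntries.map(parseCredential));
  // Domains whose password is identical on both sides of newnym.
  const notRotated = [...before]
    .filter(([domain, password]) => after.get(domain) === password)
    .map(([domain]) => domain);
  return {
    shared: [...sharedPasswords(before), ...sharedPasswords(after)],
    notRotated,
  };
}

// Constructed sample matching the reported 6.0.5 output: password 0 everywhere.
const REPORTED = ["torproject.org:0", "example.com:0"];
// Constructed sample of per-domain nonces that change across newnym.
const NONCE_BEFORE = ["torproject.org:5f1c9a02", "example.com:b87d3e41"];
const NONCE_AFTER = ["torproject.org:0c44e7d9", "example.com:a1930f6b"];

console.log(JSON.stringify(auditIsolation(REPORTED, REPORTED), null, 2));
console.log(JSON.stringify(auditIsolation(NONCE_BEFORE, NONCE_AFTER), null, 2));
```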