[tor-bugs] #18513 [Tor Browser]: New Identity bypass
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Mar 10 04:10:06 UTC 2016
#18513: New Identity bypass
-----------------------------+----------------------
Reporter:      tahuttun      |  Owner:      tbb-team
Type:          defect        |  Status:     new
Priority:      Medium        |  Milestone:
Component:     Tor Browser   |  Version:
Severity:      Major         |  Keywords:
Actual Points:               |  Parent ID:
Points:                      |  Reviewer:
Sponsor:                     |
-----------------------------+----------------------
The "new identity" bypass requires no JS and works with the highest privacy
and security level that Tor Browser has! The attack works because the favicon
cache is not truncated. An attacker may spread unique tokens as part of
the favicon addresses.
The new identity may be traced to the old one, since we know which token
is given to which user and have the ability to test if the user has the exact
token (use token once, mark it as used and generate more if required).
Furthermore, because the favicon connection is not closed when the "new
identity" is run, we also have the knowledge that the Tor Browser is still
open. Favicons are flushed when the browser is closed.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18513>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online