Got warning: "ControlPort is open, but no authentication method has been configured..."

Roger Dingledine arma at mit.edu
Mon May 24 02:37:32 UTC 2010


On Mon, May 24, 2010 at 10:24:00AM +0800, ?????? wrote:
>     I got a warning, "ControlPort is open, but no authentication
> method has been configured.  This means that any program on your
> computer can reconfigure your Tor.  That's bad!  You should upgrade
> your Tor controller as soon as possible", with my tor and Vidalia. My
> tor version is 0.2.1.26. I run tor on Ubuntu9.04. Before this warning
> appeared, the tor worked perfectly. What this warning mean and how to
> fix it.

It depends what you did.

My guess is you either 1) edited your /etc/tor/torrc and added
a ControlPort line without also adding a HashedControlPassword or
CookieAuthentication line, or 2) went to the Advanced settings window
in Vidalia and changed the 'Authentication' choice to 'None'.

The problem here is that you've opened up your Tor to be configured by any
local application that can connect to it. You might think that's fine,
but in fact your browser is a local application that can be influenced
by a remote attacker:
http://archives.seul.org/or/announce/Sep-2007/msg00000.html

The way to fix it is to either configure your Vidalia to use
authentication with Tor (rather than no authentication), or to leave
Vidalia off and just run Tor by itself.

--Roger

***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/



More information about the tor-talk mailing list