Back to search
CVE-2006-3419
Published: Jul 7, 2006
Modified: Sep 17, 2024
PUBLISHED
Description
Tor before 0.1.1.20 uses OpenSSL pseudo-random bytes (RAND_pseudo_bytes) instead of cryptographically strong RAND_bytes, and seeds the entropy value at start-up with 160-bit chunks without reseeding, which makes it easier for attackers to conduct brute force guessing attacks.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
25880
vdb-entry
x_refsource_OSVDB
20514
third-party-advisory
x_refsource_SECUNIA
GLSA-200606-04
vendor-advisory
x_refsource_GENTOO
http://tor.eff.org/cvs/tor/ChangeLog
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now