QwikSec

Security Database

CVE

CWE

Training

CVE-2020-8516

Published: Feb 2, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote attackers to discover circuit information. NOTE: The network team of Tor claims this is an intended behavior and not a vulnerability

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.hackerfactor.com/blog/index.php?/archives/868-Deanonymizing-Tor-Circuits.html

x_refsource_MISC

https://lists.torproject.org/pipermail/tor-dev/2020-February/014147.html

x_refsource_MISC

https://security-tracker.debian.org/tracker/CVE-2020-8516

x_refsource_MISC

https://lists.torproject.org/pipermail/tor-dev/2020-February/014146.html

x_refsource_MISC

https://trac.torproject.org/projects/tor/ticket/33129

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.