17 vulnerabilities in Tor: results of the second security audit published

Brother

Denial of service, outdated software: there is something to pay attention to.

The Tor Project published a report on the results of the second security audit, carried out by Radically Open Security from April to August 2023. The review covered the code responsible for operating exit nodes, the Tor Browser, infrastructure components (metrics collection, sbws, the Onionoo API) and the testing utilities. Its main purpose was to evaluate changes made to improve the speed and reliability of the Tor network, such as the Conflux traffic-splitting protocol added in Tor 0.4.8 and the proof-of-work mechanism for protecting Onion services from DoS attacks.

During the audit, 17 vulnerabilities were discovered, one of which was rated critical. Four were rated moderate and the remaining 12 minor. The most serious vulnerability was found in onbasca (Onion Bandwidth Scanner), an application used to measure the bandwidth of network nodes. It stems from accepting requests via the HTTP GET method, which makes cross-site request forgery (CSRF) on behalf of another user possible: an attacker can add their own bridge nodes to the database by manipulating the "bridge_lines" parameter.
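As an added illustration that is not from the audit report or from onbasca's own code, the following Python handler shows the defensive pattern for an endpoint like the one described: a state-changing action is refused over GET, and a POST must carry a token bound to the user's session. The `/bridges/add` path, the `Session` and `Request` classes and the sample bridge line are assumptions constructed for the example; only the `bridge_lines` parameter name comes from the post.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Methods that may change server state; only these are allowed to reach the handler body.
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


@dataclass
class Session:
    """Server-side session; the CSRF token is generated per session, never per request."""
    user: str
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    """Minimal stand-in for a framework request object (constructed for this example)."""
    method: str
    path: str
    form: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)


class BridgeStore:
    """Toy persistence layer standing in for the scanner's bridge database."""
    def __init__(self):
        self.bridges = []


def add_bridges(req, session, store):
    """Return (status, message). Adds the bridge lines from the form only for a
    POST that passes the same-site and session-token checks."""
    # 1. A GET never mutates state: browsers issue GETs for <img>, <a>, prefetch and so on,
    #    so a GET-triggered write is exactly what makes the forgery trivial.
    if req.method not in STATE_CHANGING:
        return 405, "state-changing action requires POST"

    # 2. Modern browsers label the request's origin relation; refuse cross-site outright
    #    when the header is present. A missing header falls through to the token check.
    if req.headers.get("Sec-Fetch-Site") == "cross-site":
        return 403, "cross-site request rejected"

    # 3. The form token must equal the session token; compare in constant time on bytes
    #    so an attacker-supplied non-ASCII value fails the check instead of raising.
    supplied = req.form.get("csrf_token", "")
    if not hmac.compare_digest(supplied.encode(), session.csrf_token.encode()):
        return 403, "missing or invalid CSRF token"

    lines = [ln.strip() for ln in req.form.get("bridge_lines", "").splitlines() if ln.strip()]
    store.bridges.extend(lines)
    return 200, f"added {len(lines)} bridge line(s) for {session.user}"


def route(req, session, store):
    """Dispatch on path; the path itself is an assumption for the example."""
    if req.path == "/bridges/add":
        return add_bridges(req, session, store)
    return 404, "not found"


# Constructed bridge line (not a real bridge).
SAMPLE_LINES = "obfs4 203.0.113.10:443 CONSTRUCTED-FINGERPRINT cert=CONSTRUCTED"


def demo():
    """Exercise the handler with a forged GET, a token-less POST, a cross-site POST
    and a legitimate POST; returns the per-request results and the stored bridges."""
    store, session = BridgeStore(), Session(user="operator")
    good_form = {"bridge_lines": SAMPLE_LINES, "csrf_token": session.csrf_token}
    results = {
        "forged_get": route(Request("GET", "/bridges/add", {"bridge_lines": SAMPLE_LINES}), session, store),
        "post_no_token": route(Request("POST", "/bridges/add", {"bridge_lines": SAMPLE_LINES}), session, store),
        "post_cross_site": route(Request("POST", "/bridges/add", good_form,
                                         {"Sec-Fetch-Site": "cross-site"}), session, store),
        "post_ok": route(Request("POST", "/bridges/add", good_form,
                                 {"Sec-Fetch-Site": "same-origin"}), session, store),
    }
    return results, store.bridges


if __name__ == "__main__":
    for name, (status, msg) in demo()[0].items():
        print(f"{name:16s} {status} {msg}")
```

Only the last request reaches the store; the forged GET is rejected before any form field is read, which is the property that closes the CSRF path regardless of how the `bridge_lines` value is crafted.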

Moderate-risk vulnerabilities include:
  • Denial of service in metrics-lib: a large compressed file can exhaust RAM when decompressed, similar to a zip bomb.
  • Use of the deprecated tun2socks module in tor-android-service, which Tor Browser for Android relies on.
  • A null byte written past the end of the allocated buffer in the Tor client due to incorrect behaviour of the read_file_to_str_until_eof function.
  • A vulnerability in the Simple Bandwidth Scanner (sbws) that allows an HTTPS connection to be downgraded to HTTP via a redirect, which can leak API tokens when an attacker controls the Tor exit node in use.
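To illustrate the sbws item, here is an added Python example (not sbws code and not from the audit) of the redirect policy a measurement client can apply: a redirect that would move an HTTPS request to plain HTTP is refused, and credential headers are not re-sent to a different origin. The URLs, header names, token value and the response table standing in for the network are all constructed for the example.

```python
from urllib.parse import urljoin, urlsplit

# Header names whose values must never cross an origin boundary (names chosen for the example).
SENSITIVE_HEADERS = {"authorization", "x-api-token"}
REDIRECT_STATUSES = {301, 302, 303, 307, 308}


class DowngradeRefused(Exception):
    """Raised when a redirect would move an https:// request to a non-TLS scheme."""


def origin(url):
    """(scheme, host, port) triple; a change in any of them is a different origin."""
    p = urlsplit(url)
    default = 443 if p.scheme == "https" else 80
    return (p.scheme, (p.hostname or "").lower(), p.port or default)


def resolve_redirect(current_url, location):
    """Resolve a Location header against the current URL, refusing an HTTPS->HTTP step.
    Over Tor a plaintext hop exposes the whole request, token included, to the exit relay."""
    target = urljoin(current_url, location)
    if urlsplit(current_url).scheme == "https" and urlsplit(target).scheme != "https":
        raise DowngradeRefused(f"refusing to follow {current_url} -> {target}")
    return target


def headers_for_hop(original_url, hop_url, headers):
    """Forward all headers on the original origin; strip credential headers elsewhere."""
    if origin(hop_url) == origin(original_url):
        return dict(headers)
    return {k: v for k, v in headers.items() if k.lower() not in SENSITIVE_HEADERS}


def follow(url, headers, responses, max_hops=5):
    """Walk a redirect chain. `responses` is a constructed table {url: (status, location)}
    standing in for the network. Returns (final_url, hops); each hop records the URL
    requested and the sorted names of the headers that were sent to it."""
    first_url, hops = url, []
    for _ in range(max_hops + 1):
        sent = headers_for_hop(first_url, url, headers)
        hops.append((url, sorted(sent)))
        status, location = responses[url]
        if status not in REDIRECT_STATUSES or location is None:
            return url, hops
        url = resolve_redirect(url, location)
    raise RuntimeError("too many redirects")


# Constructed client headers: the token value is a placeholder, not a real credential.
CLIENT_HEADERS = {"Authorization": "Bearer CONSTRUCTED-TOKEN", "User-Agent": "bwscanner-example/0"}

# Three constructed servers: one downgrades to HTTP, one bounces to another host, one stays on-origin.
DOWNGRADING = {"https://bw.example.test/api/v1": (302, "http://bw.example.test/api/v1")}
CROSS_ORIGIN = {"https://bw.example.test/api/v1": (302, "https://mirror.example.test/api/v1"),
                "https://mirror.example.test/api/v1": (200, None)}
SAME_ORIGIN = {"https://bw.example.test/api/v1": (307, "/api/v2"),
               "https://bw.example.test/api/v2": (200, None)}


if __name__ == "__main__":
    start = "https://bw.example.test/api/v1"
    try:
        follow(start, CLIENT_HEADERS, DOWNGRADING)
    except DowngradeRefused as e:
        print("downgrade:", e)
    print("cross-origin:", follow(start, CLIENT_HEADERS, CROSS_ORIGIN)[1])
    print("same-origin:", follow(start, CLIENT_HEADERS, SAME_ORIGIN)[1])
```

The two checks are independent: refusing the scheme downgrade keeps the token off the wire in clear text, while the origin comparison keeps it from being handed to a third party even over TLS. A client that follows redirects blindly, as the report describes for sbws, fails both.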