• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Tor ControlPort Missing Authentication Unauthorized Access Vulnerability

Tor is prone to an unauthorized-access vulnerability due to a design error when handling multiple connections to the ControlPort.

An attacker can exploit this issue to reconfigure Tor and significantly weaken the anonymity provided by the software.

Tor 0.1.2.15 is confirmed vulnerable; previous versions may also be affected.