First published: Mon Feb 26 2007(Updated: )
Tor does not verify a node's uptime and bandwidth advertisements, which allows remote attackers who operate a low resource node to make false claims of greater resources, which places the node into use for many circuits and compromises the anonymity of traffic sources and destinations.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Tor Tor | <=0.1.1.26 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.