Tor: >> Tor >> 0.1.0.18 Security Vulnerabilities
Tor before 0.1.1.20 does not validate that a server descriptor's fingerprint line matches its identity key, which allows remote attackers to spoof the fingerprint line, which might be trusted by users or other applications.
CVSS Score
5.0
EPSS Score
0.005
Published
2006-07-07
Tor before 0.1.1.20 uses OpenSSL pseudo-random bytes (RAND_pseudo_bytes) instead of cryptographically strong RAND_bytes, and seeds the entropy value at start-up with 160-bit chunks without reseeding, which makes it easier for attackers to conduct brute force guessing attacks.
CVSS Score
5.0
EPSS Score
0.003
Published
2006-07-07
Page 4