CVE-2006-3419Improper Control of Interaction Frequency in TOR

5 documents5 sources
Severity
5.0MEDIUMNVD
EPSS
0.3%
top 44.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Torproject TORTOR
Timeline
PublishedJul 7
Latest updateMay 1

Description

Tor before 0.1.1.20 uses OpenSSL pseudo-random bytes (RAND_pseudo_bytes) instead of cryptographically strong RAND_bytes, and seeds the entropy value at start-up with 160-bit chunks without reseeding, which makes it easier for attackers to conduct brute force guessing attacks.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

Debiantorproject/tor< 0.1.1.20-1+3
NVDtor/tor68 versions+67

Patches

Patch: secunia.comPatch: secunia.com

🔴Vulnerability Details

3
GHSA
GHSA-rj3x-48ch-69xf: Tor before 02022-05-01
OSV
CVE-2006-3419: Tor before 02006-07-07
CVEList
CVE-2006-3419: Tor before 02006-07-07

📋Vendor Advisories

1
Debian
CVE-2006-3419: tor - Tor before 0.1.1.20 uses OpenSSL pseudo-random bytes (RAND_pseudo_bytes) instead...2006
CVE-2006-3419 — TOR vulnerability | cvebase