Tor 0.1.0.13 and earlier, and experimental versions 0.1.1.4-alpha and earlier, does not reject certain weak keys when using ephemeral Diffie-Hellman (DH) handshakes, which allows malicious Tor servers to obtain the keys that a client uses for other systems in the circuit.
Max CVSS
5.0
EPSS Score
0.38%
Published
2005-08-23
Updated
2016-10-18
1 vulnerabilities found