Vulnerability Name:

CVE-2006-3411 (CCN-33071)

Assigned:2006-05-23
Published:2006-05-23
Updated:2008-09-05
Summary:TLS handshakes in Tor before 0.1.1.20 generate public-private keys based on TLS context rather than the connection, which makes it easier for remote attackers to conduct brute force attacks on the encryption keys.
CVSS v3 Severity:3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N)
4.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N)
1.9 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2006-3411

Source: SECUNIA
Type: Patch, Vendor Advisory
20514

Source: GENTOO
Type: UNKNOWN
GLSA-200606-04

Source: CCN
Type: Tor Web site
Tor: anonymity online

Source: CCN
Type: Tor ChangeLog
Changes in version 0.1.1.20 - 2006-05-23

Source: CONFIRM
Type: UNKNOWN
http://tor.eff.org/cvs/tor/ChangeLog

Source: OSVDB
Type: UNKNOWN
25876

Source: CCN
Type: OSVDB ID: 25876
EFF Tor TLS Handshakes Key Generation Weakness

Source: XF
Type: UNKNOWN
tor-tls-weak-security(33071)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:tor:tor:0.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.0.2_pre13:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.0.2_pre14:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.0.2_pre15:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.0.2_pre16:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.0.2_pre17:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.0.2_pre18:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.0.2_pre19:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.0.2_pre20:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.0.2_pre21:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.0.2_pre22:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.0.2_pre23:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.0.2_pre24:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.0.2_pre25:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.0.2_pre26:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.0.2_pre27:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.0.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.0.6.2:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.0.7.1:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.0.7.2:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.0.7.3:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.0.8.1:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.0.9.1:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.0.9.2:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.0.9.3:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.0.9.4:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.0.9.5:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.0.9.6:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.0.9.7:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.0.9.8:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.0.9.9:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.0.9.10:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.1.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.1.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.1.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.1.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.1.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.1.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.1.0.12:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.1.0.13:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.1.0.14:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.1.0.15:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.1.0.16:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.1.0.17:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.1.0.18:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.1.0.19:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.1.1.1_alpha:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.1.1.2_alpha:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.1.1.3_alpha:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.1.1.4_alpha:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.1.1.5_alpha:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.1.1.6_alpha:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.1.1.7_alpha:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.1.1.8_alpha:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.1.1.9_alpha:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.1.1.10_alpha:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    tor tor 0.0.2
    tor tor 0.0.2_pre13
    tor tor 0.0.2_pre14
    tor tor 0.0.2_pre15
    tor tor 0.0.2_pre16
    tor tor 0.0.2_pre17
    tor tor 0.0.2_pre18
    tor tor 0.0.2_pre19
    tor tor 0.0.2_pre20
    tor tor 0.0.2_pre21
    tor tor 0.0.2_pre22
    tor tor 0.0.2_pre23
    tor tor 0.0.2_pre24
    tor tor 0.0.2_pre25
    tor tor 0.0.2_pre26
    tor tor 0.0.2_pre27
    tor tor 0.0.3
    tor tor 0.0.4
    tor tor 0.0.5
    tor tor 0.0.6
    tor tor 0.0.6.1
    tor tor 0.0.6.2
    tor tor 0.0.7
    tor tor 0.0.7.1
    tor tor 0.0.7.2
    tor tor 0.0.7.3
    tor tor 0.0.8
    tor tor 0.0.8.1
    tor tor 0.0.9
    tor tor 0.0.9.1
    tor tor 0.0.9.2
    tor tor 0.0.9.3
    tor tor 0.0.9.4
    tor tor 0.0.9.5
    tor tor 0.0.9.6
    tor tor 0.0.9.7
    tor tor 0.0.9.8
    tor tor 0.0.9.9
    tor tor 0.0.9.10
    tor tor 0.1.0.1
    tor tor 0.1.0.2
    tor tor 0.1.0.3
    tor tor 0.1.0.4
    tor tor 0.1.0.5
    tor tor 0.1.0.6
    tor tor 0.1.0.7
    tor tor 0.1.0.8
    tor tor 0.1.0.9
    tor tor 0.1.0.10
    tor tor 0.1.0.11
    tor tor 0.1.0.12
    tor tor 0.1.0.13
    tor tor 0.1.0.14
    tor tor 0.1.0.15
    tor tor 0.1.0.16
    tor tor 0.1.0.17
    tor tor 0.1.0.18
    tor tor 0.1.0.19
    tor tor 0.1.1.1_alpha
    tor tor 0.1.1.2_alpha
    tor tor 0.1.1.3_alpha
    tor tor 0.1.1.4_alpha
    tor tor 0.1.1.5_alpha
    tor tor 0.1.1.6_alpha
    tor tor 0.1.1.7_alpha
    tor tor 0.1.1.8_alpha
    tor tor 0.1.1.9_alpha
    tor tor 0.1.1.10_alpha