The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote attackers to discover circuit information. NOTE: The network team of Tor claims this is an intended behavior and not a vulnerability
Name | Vendor | Start Version | End Version |
---|---|---|---|
Tor | Torproject | * | 0.4.1.8 (including) |
Tor | Torproject | 0.4.2.0 (including) | 0.4.2.6 (including) |