#20623: TBB 6.0.5 DomainIsolator does not generate unique nonce paswords for socksauth -------------------------------------+------------------------------------- Reporter: entr0py | Owner: tbb-team Type: defect | Status: new Priority: Very High | Milestone: Component: Applications/Tor | Version: Tor: 0.2.8.9 Browser | Keywords: socksauth first-party Severity: Major | base-url domain Actual Points: | Parent ID: Points: | Reviewer: Sponsor: | -------------------------------------+------------------------------------- TBB 6.0.5 under Debian-8 with Isolating Proxy (Whonix)
SocksAuth viewed in Browser Console with torbutton.loglevel=3 shows <domain>:0 for all domains. Password=0 persists even after issuing newnym (via `New Identity`). TBB 6.5a3 & TBB 6.5a3-hardened do not exhibit this behavior. These browsers generate unique nonce passwords for separate domains, which are re-generated when newnym is issued. -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20623> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online _______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs