Jul 01 08:40:52.000 Warning! You've just connected to a v2 onion address. Please encourage the site operator to upgrade. These addresses are deprecated for security reasons, and are no longer supported in Tor.
Jul 01 08:40:51.000 Warning! You've just connected to a v2 onion address. Jul 01 08:40:50.000 Warning! You've just connected to a v2 onion address. This is actually upstream at the TOR project, however they have considered this “not a bug”. Inspect ~/.config/BraveSoftware/Brave-Browser/tor/data/tor.logĪLL v2 domains are logged at full connection time. Visit while using Tor Private Browsing on the Brave Browser.Ĭlick on an assortment of. A local or physical attacker could read ~/.config/BraveSoftware/Brave-Browser/tor/data/tor.log identify the exact moment a user connected to a new site, easily triangulating the user via a complete log of connection timestamps, which could be easily compared with a server connection log, a compromised Tor end point, or other related Tor attack, affecting the confidentiality & integrity of a user’s Tor session. CVE-2021-22929 Brave Browser 1.27 and below permanently logs the server connection time for all v2 tor domains to ~/.config/BraveSoftware/Brave-Browser/tor/data/tor.log CVE IDĬVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N Internal IDĪ vulnerability in the Brave Browser v1.27 and below allows a local or physical attacker to view the exact timestamps that a user connected to a v2 onion address.
0 kommentar(er)
