Weak Key Vulnerability in Tor Allows Malicious Servers to Obtain Client Keys

Weak Key Vulnerability in Tor Allows Malicious Servers to Obtain Client Keys

CVE-2005-2643 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

Tor 0.1.0.13 and earlier, and experimental versions 0.1.1.4-alpha and earlier, does not reject certain weak keys when using ephemeral Diffie-Hellman (DH) handshakes, which allows malicious Tor servers to obtain the keys that a client uses for other systems in the circuit.

Learn more about our Cis Benchmark Audit For Server Software.