Vulnerability Description
TLS handshakes in Tor before 0.1.1.20 generate public-private keys based on TLS context rather than the connection, which makes it easier for remote attackers to conduct brute force attacks on the encryption keys.
CVSS Score
6.4
MEDIUM
AV:N/AC:L/Au:N/C:P/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tor | Tor | 0.0.2 |
References
- http://secunia.com/advisories/20514PatchVendor Advisory
- http://security.gentoo.org/glsa/glsa-200606-04.xml
- http://tor.eff.org/cvs/tor/ChangeLog
- http://www.osvdb.org/25876
- http://secunia.com/advisories/20514PatchVendor Advisory
- http://security.gentoo.org/glsa/glsa-200606-04.xml
- http://tor.eff.org/cvs/tor/ChangeLog
- http://www.osvdb.org/25876
FAQ
What is CVE-2006-3411?
CVE-2006-3411 is a vulnerability with a CVSS score of 6.4 (MEDIUM). TLS handshakes in Tor before 0.1.1.20 generate public-private keys based on TLS context rather than the connection, which makes it easier for remote attackers to conduct brute force attacks on the enc...
How severe is CVE-2006-3411?
CVE-2006-3411 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-3411?
Check the references section above for vendor advisories and patch information. Affected products include: Tor Tor.