submitted 5 months ago by King@sh.itjust.works to c/tech@programming.dev
[-] Pika@sh.itjust.works 4 points 5 months ago

The article does a nice job explaining what each of the applications/services does. This is the list of disclosed vulnerabilities from the report.

Reported vulnerabilities:

  • TOR-02-002 WP1: TagTor Flask lacks CSRF token system, allowing POST requests to be done without validating origin
  • TOR-02-006 WP2: Margot command line tool doesn't sanitize input, allowing DoS via invalid input
  • TOR-02-007 WP2: Margot tool creates false positives and negatives, causing false sense of security
  • TOR-02-008 WP2: Margot tool contains sensitive system info such as flow and paths in error messages
  • TOR-02-009 WP1: TagTor allows DoS due to no ceiling on endpoint limit parameters for authenticated users
  • TOR-02-015 WP1: TagTor allows DoS due to inefficient tag storage.
this post was submitted on 19 Dec 2025