The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote attackers to discover circuit information.
(In reply to filip ambroz from comment #0) > The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not > verify that a rendezvous node is known before attempting to connect to it, > which might make it easier for remote attackers to discover circuit > information. Upstream is skeptical of this bug. Nick Mathewson redirected me to the following bug: https://trac.torproject.org/projects/tor/ticket/33129 At this point, I'll just follow what upstream does and report back here.
(In reply to Anthony Basile from comment #1) > (In reply to filip ambroz from comment #0) > > The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not > > verify that a rendezvous node is known before attempting to connect to it, > > which might make it easier for remote attackers to discover circuit > > information. > > Upstream is skeptical of this bug. Nick Mathewson redirected me to the > following bug: https://trac.torproject.org/projects/tor/ticket/33129 > > At this point, I'll just follow what upstream does and report back here. Also take a look at the following thread on tor-dev@ https://lists.torproject.org/pipermail/tor-dev/2020-February/014146.html
Thank you very much, very informative! Closing the bug as invalid.