Developers of the Tor anonymity network have published the results of a code audit conducted by Radically Open Security from April to August 2023. The purpose of the audit was to evaluate the changes made to improve the speed and reliability of the Tor network. The audit focused on the code for exit nodes, Tor Browser, infrastructure components, and testing utilities.
The audit identified a total of 17 vulnerabilities, one of which was classified as dangerous. Four were rated medium severity, and the remaining 12 were considered minor issues. The most severe vulnerability was found in onbasca (Onion Bandwidth Scanner), an application used to scan network nodes.
This vulnerability allows attackers to send requests through the GET HTTP method, which can be used to impersonate another user and add their bridge nodes to the database. An attacker can exploit this vulnerability by embedding JavaScript Fetch code in a web page, which, when opened by a user with an active session to the Onion Bandwidth Scanner, can reveal their IP address.
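The class of flaw described above, a state-changing action reachable with a GET request and authorized by the session alone, is shown here next to its usual fix. This is an added example, not onbasca's code: the handler names, the session id and the bridge address are constructed for illustration.

```python
# Added illustration; all handler names are hypothetical, not onbasca's code.
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret (constructed)


def csrf_token(session_id):
    """Token bound to the session; a cross-site page cannot read or guess it."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def handle_vulnerable(method, params, session_id, bridges):
    """'Before': the session cookie alone authorizes a write made via GET."""
    if session_id is None:
        return 403
    bridges.add(params["bridge"])  # side effect reachable with a safe method
    return 200


def handle_hardened(method, params, session_id, bridges):
    """'After': a write needs POST plus a token tied to the caller's session."""
    if session_id is None:
        return 403
    if method != "POST":
        return 405  # GET and other safe methods never change state
    sent = params.get("csrf_token", "")
    if not hmac.compare_digest(sent, csrf_token(session_id)):
        return 403  # browser attached the cookie, but the token is missing
    bridges.add(params["bridge"])
    return 200


def demo():
    """Replay a cross-site style request, then a legitimate form submission."""
    sid, req = "sess-constructed-1", {"bridge": "192.0.2.10:443"}  # constructed
    weak, strong = set(), set()
    codes = [
        handle_vulnerable("GET", req, sid, weak),
        handle_hardened("GET", req, sid, strong),
        handle_hardened("POST", req, sid, strong),
        handle_hardened("POST", {**req, "csrf_token": csrf_token(sid)}, sid, strong),
    ]
    return codes, weak, strong


if __name__ == "__main__":
    print(demo())
```

Only the last request, which carries the session-bound token, reaches the database in the hardened handler; web frameworks ship an equivalent check as CSRF middleware, which is effective only when writes are not routed through GET.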
Other vulnerabilities found during the audit include:
- Denial of service in Metrics-Lib caused by the transfer of a large compressed file, which could lead to memory exhaustion.
- Use of a discontinued third-party module called tun2Socks in Tor-Android-Service, which is used by Tor Browser for Android.
- A write of a zero byte outside the allocated buffer in the Tor client, leading to potential security issues.
- Vulnerability in sbws (Simple Bandwidth Scanner), which could be used to bypass HTTP redirects and potentially leak API tokens.