Opened 3 years ago

Last modified 23 months ago

#20332 new defect

Duplicate rendezvous cookie in ESTABLISH_RENDEZVOUS

Reported by: asn Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version: Tor: unspecified
Severity: Normal Keywords: tor-hs needs-insight annoyance
Cc: s7r Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


Seems like people have started receiving this Duplicate rendezvous cookie in ESTABLISH_RENDEZVOUS warning message on their relays:

This might be a logic bug in tor, or it might be that Tor clients (or an alt implementation) is reusing the same rend point and same rend cookie multiple times, which simply does not work.

(Meta: Unclear what Points should be in this ticket)

Child Tickets

Change History (7)

comment:1 Changed 3 years ago by twim

Just for the record, there might be another scenario to get this. An adversary who somehow sniffs/derives/guesses the valid rendcookie and RP from a client, may perform a man-on-the-side attack by sending duplicate cell to the RP.
I see neither how this info can be retrieved by an attacker nor what is the outcome/benefit of performing such attack [*].

[*] Attacker still have to know DH share in order to decrypt traffic. It's a bit too much.

comment:2 Changed 3 years ago by twim

Also #15618 may be related.

comment:3 Changed 2 years ago by dgoulet

Keywords: triage-out-030-201612 added
Milestone: Tor: 0.3.0.x-finalTor: unspecified

Triaged out on December 2016 from 030 to Unspecified.

comment:4 Changed 2 years ago by s7r

Cc: s7r added

comment:5 Changed 2 years ago by nickm

Keywords: triage-out-030-201612 removed

comment:6 Changed 2 years ago by dgoulet

Points: ?
Sponsor: SponsorR-can

As stated before, this can happen with a buggy tor client implementation so maybe the move is to change this log statement to protocol warning?...

comment:7 Changed 23 months ago by nickm

Keywords: needs-insight annoyance added
Note: See TracTickets for help on using tickets.