Opened 2 years ago

Last modified 12 months ago

#21559 new defect

Tor browser deanonymization/fingerprinting via cached intermediate CAs

Reported by: cypherpunks
Owned by: tbb-team
Priority: High
Milestone:
Component: Applications/Tor Browser
Version:
Severity: Major
Keywords: tbb-fingerprinting, tbb-linkability
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

Hi,

I get different results testing https://fiprinca.0x90.eu/poc/ in a fresh Tor browser than in the Tor browser I've been using to browse the web for a bit. (Both are running as Qubes disposable VMs so I haven't tested persistence).

Expected behaviour: my Tor browser (version "6.5, based on Mozilla Firefox 45.7.0") should not leak information about what sites I've visited.

Actual behaviour: I see four cached CAs in the "warmed" browser, leaking information about what sites I've visited.

Version: 6.5

https://shiftordie.de/blog/2017/02/21/fingerprinting-firefox-users-with-cached-intermediate-ca-certificates-fiprinca/ has a writeup by the author.

Child Tickets

Change History (11)

comment:1 Changed 2 years ago by cypherpunks

That PoC found only
50 4f9aac... CA 沃通免费SSL证书 G2 CA 沃通根证书
in my Tor Browser, but I don't use non-English sites!!!
Is it Chinese? And what is it doing in my browser???!!!

comment:2 Changed 2 years ago by cypherpunks

During execution of that PoC my Tor Browser crashed:
firefox.exe Exception Code: 0xc0000005 Address: 0x0000000000000000 (looks like a null pointer dereference) on Win XP, but I can still continue execution and write this comment, though not send it, because some networking-related thread is responsible for that exception, and every request ends up with
addons.update-checker WARN Request for https://www.eff.org/files/https-everywhere-eff-update-2048.rdf timed out

comment:3 in reply to: 1 Changed 2 years ago by teor

Replying to cypherpunks:

That PoC found only
50 4f9aac... CA 沃通免费SSL证书 G2 CA 沃通根证书
in my Tor Browser, but I don't use non-English sites!!!
Is it Chinese? And what is it doing in my browser???!!!

Don't stress. Certificates sometimes have non-roman character names, regardless of the names of the sites they sign.

And those particular certificates belong to WoSign - I wonder if the Mozilla restrictions have anything to do with this?

comment:4 Changed 2 years ago by gk

FWIW: the Mozilla bug is https://bugzilla.mozilla.org/show_bug.cgi?id=1334485. We currently mitigate the problem by having the intermediate cache be memory-only and cleared during New Identity.

comment:5 Changed 2 years ago by cypherpunks

FWIW:
1) It's not an ordinary cache, but just a fallback for misconfigured servers, made for "fixing" issues like #2167, #9479, #18218, #19371, but it doesn't work, as you see, because it's useless for a stateless browser and should be disabled.
https://bugzilla.mozilla.org/show_bug.cgi?id=1334485#c11
2) Mozilla urgently disabled SHA-1 and removed WoSign busters from the root.
https://bugzilla.mozilla.org/show_bug.cgi?id=1311824#c1
3) The PoC successfully stress-tested the network subsystem of Firefox, leading to a potentially exploitable crash. The cache should be disabled to reduce the surface and to check whether it's the root cause.
https://bugzilla.mozilla.org/show_bug.cgi?id=1334485#c21
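
Added illustration, not part of the ticket thread and not Firefox's or Tor Browser's code: the Go program below models the chain-building situation comments 4 and 5 describe, using only the standard library. A server that omits its intermediate from the handshake (the "misconfigured server" the fallback exists for) presents a leaf that fails to verify on a fresh profile but verifies on a profile that already holds the intermediate, which is exactly the per-profile difference the PoC observes. The third case shows why serving the complete chain removes the dependence on client state. All certificates (root, intermediate, leaf, and the hostname `misconfigured.example`) are constructed in memory for the demo; the function names `makeCert`, `ChainVerifies` and `FingerprintScenario` are this example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

var serial int64 // counter so every constructed certificate gets a distinct serial number

// makeCert issues a constructed test certificate for cn. With parent == nil it is
// self-signed (a root); otherwise it is signed by parent's private key.
func makeCert(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	serial++
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		tmpl.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	} else {
		tmpl.KeyUsage = x509.KeyUsageDigitalSignature
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
		tmpl.DNSNames = []string{cn}
	}
	signer, signerKey := tmpl, key
	if parent != nil {
		signer, signerKey = parent, parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// ChainVerifies models the client's path building: the leaf must chain to a trusted
// root through the intermediates the server sent plus any the client already cached.
func ChainVerifies(leaf *x509.Certificate, roots, sent, cached []*x509.Certificate) bool {
	rootPool := x509.NewCertPool()
	for _, c := range roots {
		rootPool.AddCert(c)
	}
	interPool := x509.NewCertPool()
	for _, c := range sent {
		interPool.AddCert(c)
	}
	for _, c := range cached {
		interPool.AddCert(c) // this is the state that differs between a fresh and a warmed profile
	}
	opts := x509.VerifyOptions{Roots: rootPool, Intermediates: interPool}
	if len(leaf.DNSNames) > 0 {
		opts.DNSName = leaf.DNSNames[0] // hostname check as a TLS client would do it
	}
	_, err := leaf.Verify(opts)
	return err == nil
}

// FingerprintScenario reproduces the condition behind the PoC: the server sends only
// its leaf, so the same handshake fails on a fresh profile and succeeds on a profile
// that cached the intermediate during an earlier visit. The third result is the
// server-side fix: a complete chain verifies regardless of client state.
func FingerprintScenario() (freshOK, warmedOK, fullChainOK bool) {
	root, rootKey := makeCert("Constructed Root CA", true, nil, nil)
	inter, interKey := makeCert("Constructed Intermediate CA", true, root, rootKey)
	leaf, _ := makeCert("misconfigured.example", false, inter, interKey)

	roots := []*x509.Certificate{root}
	freshOK = ChainVerifies(leaf, roots, nil, nil)
	warmedOK = ChainVerifies(leaf, roots, nil, []*x509.Certificate{inter})
	fullChainOK = ChainVerifies(leaf, roots, []*x509.Certificate{inter}, nil)
	return
}

func main() {
	fresh, warmed, full := FingerprintScenario()
	fmt.Printf("leaf only, fresh profile:    verifies=%v\n", fresh)
	fmt.Printf("leaf only, cached intermediate: verifies=%v\n", warmed)
	fmt.Printf("complete chain from server:  verifies=%v\n", full)
}
```

The mitigation discussed in the thread (memory-only cache, cleared on New Identity) attacks the `cached` input; the server-side remedy is the third case, where `sent` already contains everything needed. A practitioner checking their own servers wants the third outcome, since anything else means clients succeed only by luck of prior state.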

comment:6 Changed 2 years ago by cypherpunks

This issue was reported 18 months ago in #17113, but closed by yawning as "not a bug" for unknown reason.

comment:7 Changed 2 years ago by cypherpunks

The caching of intermediate certificates has contributed to problems in the past, such as bug 634074.

https://bugzilla.mozilla.org/show_bug.cgi?id=634074

Ryan S. told me that Google Chrome no longer caches intermediate certificates it receives as part of SSL handshakes, due to similar problems.

https://bugzilla.mozilla.org/show_bug.cgi?id=733232#c0

comment:8 in reply to: 4 Changed 2 years ago by gk

Replying to gk:

FWIW: the Mozilla bug is https://bugzilla.mozilla.org/show_bug.cgi?id=1334485. We currently mitigate the problem by having the intermediate cache be memory-only and cleared during New Identity.

Actually, we still have the

* XXX: intermediate SSL certificates are not cleared.

in Torbutton and it might be worth testing whether that one can go (as I assumed) or I misspoke. See #2739 for the NEWNYM part.

comment:9 Changed 2 years ago by gk

Priority: Medium → High
Severity: Normal → Major

comment:10 in reply to: 2 Changed 2 years ago by cypherpunks

Replying to cypherpunks:
My Tor Browser crashed opening a link with

Application Error : The exception Privileged instruction.

(0xc0000096) occurred in the application at location 0x0370ce18.

Click on OK to terminate the program.
Faulting application firefox.exe version 45.8.0.6241,
faulting module xul.dll, version 45.8.0.6241,
fault address 0x0370ce18.

comment:11 Changed 12 months ago by gk

#25929 is a duplicate.
