[Security Advisory] Lack of Protection Against Replay Attacks in shadowsocks-windows' Implementation #3118

Open
@database64128

Impact

Medium

Details

Due to the absence of an IV filter in our Shadowsocks client implementation, shadowsocks-windows is subject to replay attacks that could potentially be used to identify the existence of the Shadowsocks client or server.

Lack of replay protection on the client side is not as severe as it is on the server side. But we still consider it a basic requirement for Shadowsocks client implementations.

Related Information

Affected Versions

All versions.

Resolution

We advise that users switch to implementations with an IV filter in place, such as shadowsocks-rust and go-shadowsocks2. V2ray, Xray, and clash are known to not have the necessary protection, and therefore should not be used to interact directly with a Shadowsocks server.

Since we can barely keep up with what we've planned for version 5, we are considering switching to shadowsocks-rust as the default backend in our next major release. Shadowsocks-rust is being actively maintained, and has been used by shadowsocks-android as the backend since last year. I have recently done some benchmarks on several client implementations, and the results show good performance with shadowsocks-rust that we could've never reached on .NET.
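
The IV filter discussed in this advisory, illustrated with an added example; this is not code from shadowsocks-windows or from any implementation named above. The `IVFilter` type, its two-generation rotation and the capacity value are assumptions made for the illustration: the filter records the IV (salt) that opens each incoming stream and refuses a stream whose IV has been seen before.

```go
package main

import (
	"fmt"
	"sync"
)

// IVFilter remembers IVs (salts) of earlier streams so a replay can be refused.
// Assumption for this example: memory is bounded by two generations of entries.
type IVFilter struct {
	mu       sync.Mutex
	capacity int
	current  map[string]struct{}
	previous map[string]struct{}
}

func NewIVFilter(capacity int) *IVFilter {
	return &IVFilter{
		capacity: capacity,
		current:  make(map[string]struct{}, capacity),
		previous: map[string]struct{}{},
	}
}

// CheckAndAdd returns true when iv is fresh and records it; it returns
// false when iv was already seen, in which case the stream must be dropped.
func (f *IVFilter) CheckAndAdd(iv []byte) bool {
	f.mu.Lock()
	defer f.mu.Unlock()
	key := string(iv)
	if _, seen := f.current[key]; seen {
		return false
	}
	if _, seen := f.previous[key]; seen {
		return false
	}
	if len(f.current) >= f.capacity {
		// Rotate generations: the oldest entries are forgotten.
		f.previous, f.current = f.current, make(map[string]struct{}, f.capacity)
	}
	f.current[key] = struct{}{}
	return true
}

func main() {
	f := NewIVFilter(1024)
	iv := []byte("constructed-iv-0") // constructed sample value
	fmt.Println(f.CheckAndAdd(iv), f.CheckAndAdd(iv)) // first use, then replay
}
```

A filter with finite memory only detects replays of IVs it still remembers, so the capacity determines how far back a replayed stream can be recognised.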
