This was reported as an informational finding in the 2020 SecureDrop Workstation audit (TOB-SDW-001):
The TOR_V2_AUTH_COOKIE_REGEX regular expression for validating Tor's v2 auth cookie has an "A-z" character range specified in its character set. This range overlaps with the "a-z" range used in the same character set and also includes characters between the letters "Z" and "a," which are outside of the Tor v2 auth cookie format: "[\]^_ ."`
This was reported as an informational finding in the 2020 SecureDrop Workstation audit (
TOB-SDW-001):