[Pidgin] #14830: dbus information leakage

Pidgin trac at pidgin.im
Tue Dec 20 07:15:18 EST 2011

#14830: dbus information leakage
 Reporter:  dfunc         |     Owner:  rekkanoryo
     Type:  defect        |    Status:  new       
Component:  unclassified  |   Version:  2.10.0    
 Keywords:                |  
 Pidgin transmits sensitive information (such as OTR plaintexts) over DBUS.
 An attacker that has compromised any application that runs within the same
 "X session" can easily snoop on this sensitive information by means of a
 dbus session monitor.

 Related posts:

Ticket URL: <http://developer.pidgin.im/ticket/14830>
Pidgin <http://pidgin.im>

More information about the security mailing list