[Pidgin] #14830: dbus information leakage
Mark Doliner
mark at kingant.net
Wed Dec 21 01:56:05 EST 2011
My thoughts on this are that it doesn't need to be treated as a
security problem because it requires local user access.
--Mark
On Tue, Dec 20, 2011 at 4:15 AM, Pidgin <trac at pidgin.im> wrote:
> #14830: dbus information leakage
> --------------------------+-------------------------------------------------
> Reporter: dfunc | Owner: rekkanoryo
> Type: defect | Status: new
> Component: unclassified | Version: 2.10.0
> Keywords: |
> --------------------------+-------------------------------------------------
> Pidgin transmits sensitive information (such as OTR plaintexts) over DBUS.
> An attacker that has compromised any application that runs within the same
> "X session" can easily snoop on this sensitive information by means of a
> dbus session monitor.
>
> Related posts:
> http://pidgin.im/pipermail/devel/2011-December/010519.html
> http://lists.cypherpunks.ca/pipermail/otr-dev/2011-December/001244.html
>
> --
> Ticket URL: <http://developer.pidgin.im/ticket/14830>
> Pidgin <http://pidgin.im>
> Pidgin
> _______________________________________________
> security mailing list
> security at pidgin.im
> http://pidgin.im/cgi-bin/mailman/listinfo/security
More information about the security
mailing list