Pidgin and Windows Live Messenger

Lord Flame Stryke flamestryke at gmail.com
Tue Mar 25 07:36:04 EDT 2014


I have found a definite security flaw with Windows Live Messenger when using Pidgin.  I have already sent an email to Microsoft to inform them of this.

In Pidgin, when disallowing multiple logins, Pidgin becomes the sole location that can be logged in.  When attempting to operate remotely, I could not log in on any other device, so I could not disconnect Pidgin.  In an attempt to log out of Pidgin, I logged in to the Windows Live site and changed my password; however, Pidgin did not log out and, in fact, is currently sitting open on my desktop logged in without my having changed the password within Pidgin.

My concern is that, should someone gain access to my account, or to any other user's account, they would be able to disallow multiple logins and essentially hijack the account.  I believe this presents a serious security flaw.