[Pidgin] #11928: Buzz doesn't use OTR encryption
Pidgin
trac at pidgin.im
Sun May 16 18:01:21 EDT 2010
#11928: Buzz doesn't use OTR encryption
-----------------------+----------------------------------------------------
Reporter: Archimedes | Type: defect
Status: new | Component: libpurple
Version: 2.7.0 | Keywords: OTR Attention Buzz Encryption
-----------------------+----------------------------------------------------
When using the OTR plugin for secure conversations, the
Attention/Buzz/Nudge is send in plaintext instead of encrypted (at least
in jabber, can't tell for other protocols as ICQ doesn't work atm):[[BR]]
(23:56:30) The following message received from archimedes at jabber.*****.de
was not encrypted: [Archimedes has buzzed you!]
Though this is just a minor leak of information, it should still be
avoided to preserve complete privacy of the conversation.
I guess this is a libpurple bug, as both the button and the /buzz command
show this behaviour.
In a short:
Steps to reproduce:[[BR]]
1. Start a chat[[BR]]
2. Enable OTR[[BR]]
3. Send /buzz or click "Attention!" Button
What happes:[[BR]]
Buddy gets an *unencrypted* buzz message
What is expected:[[BR]]
Buddy gets an *encrypted* buzz message[[BR]]
--
Ticket URL: <http://developer.pidgin.im/ticket/11928>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list