[Pidgin] #14830: dbus information leakage
Pidgin
trac at pidgin.im
Tue Dec 20 07:15:18 EST 2011
#14830: dbus information leakage
--------------------------+-------------------------------------------------
Reporter: dfunc | Owner: rekkanoryo
Type: defect | Status: new
Component: unclassified | Version: 2.10.0
Keywords: |
--------------------------+-------------------------------------------------
Pidgin transmits sensitive information (such as OTR plaintexts) over DBUS.
An attacker that has compromised any application that runs within the same
"X session" can easily snoop on this sensitive information by means of a
dbus session monitor.
Related posts:
http://pidgin.im/pipermail/devel/2011-December/010519.html
http://lists.cypherpunks.ca/pipermail/otr-dev/2011-December/001244.html
--
Ticket URL: <http://developer.pidgin.im/ticket/14830>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list