[Pidgin] #15467: Unsecure HTTP traffic with Yahoo! protocol

Pidgin trac at pidgin.im
Tue Jan 15 17:32:55 EST 2013


#15467: Unsecure HTTP traffic with Yahoo! protocol
--------------------+---------------------------------
 Reporter:  ov1d1u  |      Owner:  sulabh.dev
     Type:  defect  |     Status:  new
Milestone:          |  Component:  Yahoo!/Yahoo! JAPAN
  Version:  2.10.6  |   Keywords:
--------------------+---------------------------------
 Sorry if this is a duplicate, but I didn't found anything related to this
 issue.

 Today I was playing with [http://droidsheep.de/?page_id=263 Droidsheep]
 when I found that the application sniffs some session info (cookies) sent
 over HTTP while using Pidgin. I don't know why is this happening and which
 URL is accessed (the sniffer doesn't show that), but the only Yahoo-
 related application runing was Pidgin. The big problem here, I guess, is
 that Pidgin is using HTTP instead of HTTPS for this communication with
 Yahoo, which gave me access to this account and allowed me to read its
 emails, for example. Sorry because I can't provide more details, I don't
 have Wireshark right now so I can't tell which URL is Pidgin accessing
 when I done this.

 Also I'm sorry for my english - this isn't my native language. Hope that
 this isn't a duplicate or an invalid bug report.

 Regards,
 Ovidiu.

-- 
Ticket URL: <https://developer.pidgin.im/ticket/15467>
Pidgin <http://pidgin.im>
Pidgin


More information about the Tracker mailing list