[Pidgin] #15467: Unsecure HTTP traffic with Yahoo! protocol
Pidgin
trac at pidgin.im
Tue Jan 15 17:32:55 EST 2013
#15467: Unsecure HTTP traffic with Yahoo! protocol
--------------------+---------------------------------
Reporter: ov1d1u | Owner: sulabh.dev
Type: defect | Status: new
Milestone: | Component: Yahoo!/Yahoo! JAPAN
Version: 2.10.6 | Keywords:
--------------------+---------------------------------
Sorry if this is a duplicate, but I didn't found anything related to this
issue.
Today I was playing with [http://droidsheep.de/?page_id=263 Droidsheep]
when I found that the application sniffs some session info (cookies) sent
over HTTP while using Pidgin. I don't know why is this happening and which
URL is accessed (the sniffer doesn't show that), but the only Yahoo-
related application runing was Pidgin. The big problem here, I guess, is
that Pidgin is using HTTP instead of HTTPS for this communication with
Yahoo, which gave me access to this account and allowed me to read its
emails, for example. Sorry because I can't provide more details, I don't
have Wireshark right now so I can't tell which URL is Pidgin accessing
when I done this.
Also I'm sorry for my english - this isn't my native language. Hope that
this isn't a duplicate or an invalid bug report.
Regards,
Ovidiu.
--
Ticket URL: <https://developer.pidgin.im/ticket/15467>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list