census | Pidgin OTR information leakage
2012-02-25 22:31:41 GMT
"census ID: census-2012-0001; CVE ID: CVE-2012-1257; Affected Products: All versions of pidgin (≤ 2.10.1) and pidgin-otr (≤ 3.2.0) on systems that support DBUS"
«If Pidgin is compiled with DBUS support and there is a DBUS session daemon running on the system, then all messages that are typed into Pidgin and messages received through Pidgin are broadcast on DBUS. The reasoning behind this is to allow for third-party applications, such as desktop widgets, to process these messages (e.g. create an animation when a message arrives). However, among the messages transmitted over DBUS one also finds the plaintext form of OTR conversations.»
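
An exposure check for the conditions the quoted advisory lists, as an added example that is not part of the advisory or the original post. The version ceilings come from the quote; requiring both version ranges at once, the `readelf` linkage heuristic, and the libpurple path argument are assumptions.

```shell
#!/bin/sh
# Added example, not from the advisory. Version ceilings are those quoted above.
PIDGIN_MAX="2.10.1"
OTR_MAX="3.2.0"

# version_le A B: succeeds when dotted version A <= B (three numeric fields).
# Expects plain upstream versions; strip distro suffixes before calling.
version_le() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$lowest" = "$1" ]
}

# links_dbus FILE: succeeds when the ELF file lists libdbus as a direct
# dependency (heuristic for "compiled with DBUS support"; an assumption).
links_dbus() {
    readelf -d "$1" 2>/dev/null | grep -q 'NEEDED.*libdbus'
}

# assess PIDGIN_VER OTR_VER DBUS_BUILT(yes|no) SESSION_BUS_ADDRESS
# Prints "exposed" only when every condition in the advisory holds.
# Treating both version ranges as required together is an assumption.
assess() {
    version_le "$1" "$PIDGIN_MAX" || { echo "outside-range: pidgin $1"; return 0; }
    version_le "$2" "$OTR_MAX" || { echo "outside-range: pidgin-otr $2"; return 0; }
    [ "$3" = "yes" ] || { echo "not-exposed: no D-Bus support in build"; return 0; }
    [ -n "$4" ] || { echo "not-exposed: no session bus"; return 0; }
    echo "exposed"
}

# Usage on a host: check.sh --host PIDGIN_VER OTR_VER /path/to/libpurple.so
if [ "${1:-}" = "--host" ]; then
    built=no
    links_dbus "$4" && built=yes
    assess "$2" "$3" "$built" "${DBUS_SESSION_BUS_ADDRESS:-}"
fi
```

An "outside-range" verdict only means the version is not covered by the quoted range; the advisory text above does not say which release, if any, changes the behaviour.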