Menu
▾
▴
#27 Pidgin buzz is not encrypted
Hi,
I noticed, that buzzing someone in Pidgin using OTR is not encrypted.
The bug report below is copied from Archimedes ticket under
https://developer.pidgin.im/ticket/11928
It was closed, because "This issue is caused by a third party plugin."
When using the OTR plugin for secure conversations, the
Attention/Buzz/Nudge? is send in plaintext instead of encrypted (at
least in jabber, can't tell for other protocols as ICQ doesn't work atm):
(23:56:30) The following message received from archimedes@jabber.*.de
was not encrypted: [Archimedes has buzzed you!]
Though this is just a minor leak of information, it should still be
avoided to preserve complete privacy of the conversation.
I guess this is a libpurple bug, as both the button and the /buzz
command show this behaviour.
In a short:
Steps to reproduce:
Start a chat Enable OTR Send /buzz or click "Attention!" Button
What happes:
Buddy gets an unencrypted buzz message
What is expected:
Buddy gets an encrypted buzz message