Ubuntu
telepathy-butterfly package

Password should not be transmitted in clear text

Bug #457942 reported by Gerard Dethier
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
telepathy-butterfly (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

Binary package hint: telepathy-butterfly
Package version: 0.5.0-0ubuntu3
Distribution: Ubuntu 9.10 Karmic
Architecture: i386

When connecting to an MSN account, password is transmitted in clear text, which is a very bad thing...

See original description
Revision history for this message
Gerard Dethier (g-dethier) wrote :

msnConnection.log contains a snippet of a log generated using following command :
BUTTERFLY_PERSIST=1 BUTTERFLY_DEBUG=all /usr/lib/telepathy/telepathy-butterfly 2>&1 | tee butterfly.log

I extracted the part where password is transmitted to the server and replaced my password by the string "[passwordInClear!]".

Gerard Dethier (g-dethier)
description: updated
Revision history for this message
Gerard Dethier (g-dethier) wrote :

I just realized that I'm wrong. If data given in attached file are transmitted using SSL, there is no problem. After looking at the source code of papyon (0.4.3), it seems to be the case as authentification is done by connecting to https://login.live.com. Sorry for the disturbance.

Changed in telepathy-butterfly (Ubuntu):
status: New → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.