[Bug 787990] Re: Kopete OTR leaks unencrypted messages
Bug Watch Updater
787990 at bugs.launchpad.net
Sat Jun 11 21:25:35 UTC 2016
Launchpad has imported 3 comments from the remote bug at
https://bugs.kde.org/show_bug.cgi?id=274099.
If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.
------------------------------------------------------------------------
On 2011-05-25T13:00:28+00:00 Thomasdn wrote:
Version: SVN (using Devel)
OS: Linux
I use Kopete with the OTR (Off the Record) plugin enabled.
OTR is a cryptographic protocol that provides strong encryption for instant messaging conversations. The primary motivation behind the protocol was providing deniability for the conversation participants while keeping conversations confidential, like a private conversation in real life, or off the record in journalism sourcing.
I have set OTR policy to Always and so has the other party I am
communicating with. We both use Kubuntu 11.04 (but this was a problem in
earlier versions as well).
Even though we have set OTR to be used always, OTR leaks clear text
messages. This is extremely troublesome, since the purpose of the
software is to keep messages confidential.
This happens often with the first message sent/received in a
conversation, but also (seemingly) randomly during conversations.
Steps to reproduce:
1: On computer A, start Kopete with OTR enabled on a Jabber account. Set OTR policy to Always.
2: On computer B, start Kopete with OTR enabled on a Jabber account. Set OTR policy to Always.
3: From A, start a conversation with a person on B.
4: Notice warnings on the receiving chat window like this:
(10:38:26) #
The following message received from REMOVED at gmail.com was not encrypted: [HELLO]
5: On the sending chat window:
(10:45:16) #
OTR Error: You sent encrypted data to REMOVED at gmail.com, who wasn't expecting it.
(10:45:17) #
OTR connection refreshed successfully.
(10:45:17) #
The last message to REMOVED at gmail.com was resent.
This only happens sometimes. I am not sure what exactly triggers this,
but it is a big problem.
One case that does seem to trigger it is if A starts chat with B, then B
closes Kopete while A keeps chat window open. B then starts kopete and
writes to A. This will often result in B's message being sent
unencrypted.
Reproducible: Didn't try
Reply at:
https://bugs.launchpad.net/ubuntu/+source/kdenetwork/+bug/787990/comments/1
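
The two warnings quoted in the steps above can be searched for mechanically to see how often plaintext crossed a session. This Python script is an added example, not part of the original report or of Kopete; it assumes a saved transcript in the layout quoted above, and the function names and peer address are made up for illustration.

```python
import re
from collections import Counter

# Constructed transcript in the layout quoted in the report: a "(HH:MM:SS) #"
# header line followed by the notice text. The peer address is a placeholder.
SAMPLE = """\
(10:38:26) #
The following message received from peer@example.org was not encrypted: [HELLO]
(10:45:16) #
OTR Error: You sent encrypted data to peer@example.org, who wasn't expecting it.
(10:45:17) #
OTR connection refreshed successfully.
(10:45:17) #
The last message to peer@example.org was resent.
"""

STAMP = re.compile(r"^\((\d{2}:\d{2}:\d{2})\) #\s*$")
NOTICES = {
    # Incoming cleartext while an encrypted session was expected.
    "plaintext_received": re.compile(
        r"^The following message received from (?P<peer>.+?) was not encrypted: \[(?P<text>.*)\]$"),
    # The two ends disagree about whether a session exists.
    "session_desync": re.compile(
        r"^OTR Error: You sent encrypted data to (?P<peer>.+?), who wasn't expecting it\.$"),
}

def scan(transcript):
    """Return (time, kind, peer, leaked_text) for each OTR warning found."""
    events, stamp = [], None
    for line in transcript.splitlines():
        m = STAMP.match(line)
        if m:
            stamp = m.group(1)  # remember the time for the notice that follows
            continue
        for kind, pattern in NOTICES.items():
            hit = pattern.match(line.strip())
            if hit:
                events.append((stamp, kind, hit.group("peer"), hit.groupdict().get("text")))
    return events

def leaks_per_peer(events):
    """Count received-in-cleartext notices per peer."""
    return Counter(peer for _, kind, peer, _ in events if kind == "plaintext_received")
```

A `session_desync` event shortly before or after a `plaintext_received` event for the same peer matches the restart scenario described in the report.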
------------------------------------------------------------------------
On 2011-08-16T07:10:08+00:00 Christian Iversen wrote:
Yes, I'm seeing this as well!
It is really quite worrisome, as this is _exactly_ what OTR is designed to
prevent. It happens even when my encryption policy is "always", in which
case OTR should never, ever send an unencrypted transmission.
Reply at:
https://bugs.launchpad.net/ubuntu/+source/kdenetwork/+bug/787990/comments/3
------------------------------------------------------------------------
On 2016-06-11T14:42:45+00:00 Francois-gerin wrote:
Confirmed on my side too... Much later on, with kopete 1.6.60 / debian
jessie.
Due to the craziness of this security issue, and since it seems very old
while not even being flagged as confirmed, I must remove kopete from my
applications, sorry.
Reply at:
https://bugs.launchpad.net/ubuntu/+source/kdenetwork/+bug/787990/comments/4
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to kdenetwork in Ubuntu.
https://bugs.launchpad.net/bugs/787990
Title:
Kopete OTR leaks unencrypted messages
To manage notifications about this bug go to:
https://bugs.launchpad.net/kdenetwork/+bug/787990/+subscriptions