[Pidgin] #11928: Buzz doesn't use OTR encryption

Pidgin trac at pidgin.im
Sun May 16 18:01:21 EDT 2010

#11928: Buzz doesn't use OTR encryption
Reporter:  Archimedes  |        Type:  defect                       
  Status:  new         |   Component:  libpurple                    
 Version:  2.7.0       |    Keywords:  OTR Attention Buzz Encryption
 When using the OTR plugin for secure conversations, the
 Attention/Buzz/Nudge is send in plaintext instead of encrypted (at least
 in jabber, can't tell for other protocols as ICQ doesn't work atm):[[BR]]
 (23:56:30) The following message received from archimedes at jabber.*****.de
 was not encrypted: [Archimedes has buzzed you!]

 Though this is just a minor leak of information, it should still be
 avoided to preserve complete privacy of the conversation.

 I guess this is a libpurple bug, as both the button and the /buzz command
 show this behaviour.

 In a short:

 Steps to reproduce:[[BR]]
 1. Start a chat[[BR]]
 2. Enable OTR[[BR]]
 3. Send /buzz or click "Attention!" Button

 What happes:[[BR]]
 Buddy gets an *unencrypted* buzz message

 What is expected:[[BR]]
 Buddy gets an *encrypted* buzz message[[BR]]

Ticket URL: <http://developer.pidgin.im/ticket/11928>
Pidgin <http://pidgin.im>

More information about the Tracker mailing list