Security Issues

Security issue with Pidgin.

This just in:

A security issue has been reported in Pidgin, which can be exploited by malicious people to conduct spoofing attacks.

The problem is that the certificate presented by e.g. a Jabber server at the beginning of an SSL session is not verified. This can be exploited to spoof valid servers via a man-in-the-middle attack.

Successful exploitation requires that Pidgin is configured to use the NSS plugin.

The security issue is reported in version 2.4.3. Other versions may also be affected.

Source: secunia.com

The solution according to Secunia is to not trust an application's SSL certificates. I’m sure the Pidgin team is working on a serious solution and will post it to their website a.s.a.p.
