Opened at 2011-10-03T16:08:32Z
Closed at 2015-08-11T06:52:39Z
#835 closed defect (fixed)
an attacker can spoof color codes
Reported by: | pesco | Owned by: | pesco |
---|---|---|---|
Priority: | major | Milestone: | |
Component: | OTR | Version: | 3.0.3 |
Keywords: | | Cc: | wilmer |
IRC client+version: | Client-independent | Operating System: | Public server |
OS version/distro: | | | |
Description
even though the encryption/trust state of OTR connections is announced explicitly, an attacker might trick a careless user by including the appropriate color codes in his messages in-band.
options:
a) let the otr plugin strip all color codes from all messages, even and specifically unencrypted ones.
NOTE: this option is only viable as long as we don't support yet other ways to color messages, e.g. HTML <font> tags or something.
b) like a) but only do the stripping when otr_color_encrypted is set; possibly change the default setting to false.
c) remove otr message coloring.
subject to the NOTE above, i guess i'd vote for option a), since mIRC color codes are hardly a feature one relies on to be supported on IM connections. i would be content with b) and c) as well, though. wilmer, please advise!
Change History (2)
comment:1 Changed at 2012-01-29T22:22:49Z by
Don't you think it's enough that you'll get a message like "-user(user@…)- conversation is now off the record (trusted)" when you start an otr encrypted conversation? You should never rely on the design of something.
comment:2 Changed at 2015-08-11T06:52:39Z by
Resolution: | → fixed |
---|---|
Status: | new → closed |
Fixed in https://github.com/bitlbee/bitlbee/commit/86fd261eb78c78dc6f2deba206f70471ebc07c73
Went with method a, and the laziest possible way of stripping messages, replacing '\x03' with '?' in-place. It's effective enough.
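The in-place replacement described in comment:2, next to a stricter variant that removes the whole color sequence, as an added example (this is not the code from the linked commit). The function names and sample message are made up for illustration; the `\x03[fg[,bg]]` layout is the usual mIRC color sequence.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define IRC_COLOR '\x03' /* mIRC color introducer (Ctrl-C) */

/* Lazy approach from comment:2: overwrite each introducer with '?' in place.
 * Any digits that followed it stay visible. Returns the number replaced. */
size_t neutralize_color_codes(char *msg)
{
    size_t n = 0;
    for (; *msg; msg++)
        if (*msg == IRC_COLOR) { *msg = '?'; n++; }
    return n;
}

/* Stricter variant (an assumption, not what the fix does): delete the whole
 * \x03[fg[,bg]] sequence, where fg and bg are one or two decimal digits. */
size_t strip_color_codes(char *msg)
{
    char *in = msg, *out = msg;
    size_t n = 0;
    while (*in) {
        if (*in != IRC_COLOR) { *out++ = *in++; continue; }
        in++; n++;
        int fg = 0;
        while (fg < 2 && isdigit((unsigned char)*in)) { in++; fg++; }
        /* A comma is part of the code only if fg was given and a digit follows. */
        if (fg > 0 && *in == ',' && isdigit((unsigned char)in[1])) {
            in += 2;
            if (isdigit((unsigned char)*in)) in++;
        }
    }
    *out = '\0';
    return n;
}

int main(void)
{
    /* Constructed sample: an unencrypted message carrying in-band color codes. */
    char a[] = "\x03" "3looks encrypted" "\x03";
    char b[] = "\x03" "3looks encrypted" "\x03";
    neutralize_color_codes(a);
    strip_color_codes(b);
    printf("%s\n%s\n", a, b);
    return 0;
}
```

The replacement leaves a visible `?` where a code was injected, which also tells the recipient that the sender tried to color the message; the stricter variant hides that.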