piranna / okcupid-pidgin

Automatically exported from code.google.com/p/okcupid-pidgin
GNU General Public License v3.0
0 stars 1 forks source link

privacy: account password logged in plaintext #3

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
The argument list from the form submitted to OkCupid containing the
username and password is written in plaintext to the logfile.  As that log
sometimes gets posted in troubleshooting it really ought not to include
passwords.

What steps will reproduce the problem?
1. Pidgin main window: Help, Debug Window
2. (wait) 
3. Pidgin debug window: save.

What is the expected output? What do you see instead?
User-Agent: Opera/9.50 (Windows NT 5.1; U; en-GB)
Content-Type: application/x-www-form-urlencoded
Content-length: 63
Accept: */*
Cookie: 
Accept-Encoding: gzip
Accept-Language: en, C
(16:56:09) okcupid: sending request data:
p=&username=tactileslut&password=**omitted**&forever=on&submit=Login

What version of the product are you using? On what operating system?
D:\Apps\Pidgin 2.6.2\plugins>dir libok*
08/02/2009  12:00 AM           203,310 libokcupid-debug_2009-08-01.dll
libokcupid: Un-numbered debug version released 2009-Aug-01.  
pidgin: 2.6.2.
OS: Windows Vista.

Original issue reported on code.google.com by duncanca...@gmail.com on 12 Sep 2009 at 1:57

GoogleCodeExporter commented 9 years ago
This is fixed in the next version, which also uses SSL to sign-in (no more 
man-in-the-
middle attacks)

Original comment by eionrobb on 25 Feb 2010 at 11:46