Author Topic: BIG flaw in OTR plugin: Unverified fingerprints are verified after a restart  (Read 7949 times)

0 Members and 1 Guest are viewing this topic.

Offline Testertime

Hello! I have found a bug in the OTR plugin (wiki.miranda-ng.org/index.php?title=Plugin:MirOTR/en) which isn't very cool, and at first I was confused about it, but found out that it's a bug after all. If someone contacts me and has a new OTR fingerprint, and I'm not verifying it, it is verified after a Miranda NG restart anyway. (look at "Options", "OTR" and "Fingerprints")
I'm using the latest stable version of Miranda NG and the OTR plugin. I had tested the latest unstable development version of Miranda NG and the OTR plugin, but it's the same there. I can confirm the bug both in Windows 7 and Windows XP.

You can also test it by setting a fingerprint to "unknown", and after a program restart it's verified again. Pretty strange. Does anyone have seen this bug before? :-[

Thank you in advance!
 

Offline Robyer

Hi Testertime,
I checked it and it's not really a security flaw, but just Miranda's options problem. Really that fingerprint is still untrusted (you can check it by opening /Profiles/<profile>/MirOTR/otr.fingerprints file). It was just wrongly showing it in that list in options. I've just fixed that. ;)
I was developing mainly Facebook, Omegle, Steam, Dummy and MobileState plugins. Now I'm retired. Goodbye, everyone. ~ You can still find me on Facebook.
 

Offline Testertime

Thanks a lot for this very quick answer AND fix! ;D I'm very impressed, and excited to see when it's available at the plugin wiki page. Doesn't seem to have an updated version so far. And good to know that it was only an interface bug.
« Last Edit: 08 03 2015, 23:24:40 by Testertime »
 

Offline Robyer

when it's available at the plugin wiki page. Doesn't seem to have an updated version so far.

Development builds are compiled every day in night time, so today it should be available via Plugin Updater or manual download. :)
I was developing mainly Facebook, Omegle, Steam, Dummy and MobileState plugins. Now I'm retired. Goodbye, everyone. ~ You can still find me on Facebook.
 

Offline Testertime

I have downloaded the "current" OTR plugin package again, and I can confirm your fix as well now. I'm still amazed of your fast response and fix, I wish I could donate for it now. ;D But a last question, when is it going to be in the stable version?

Thank you again!
 

Offline watcher

Testertime, well - when stable version is released  ;D It might take some time.
Пожалуйста, внимательно прочтите правила постинга перед тем, как открыть новую тему.
Please read forum rules.
 

Offline Robyer

I'm still amazed of your fast response and fix, I wish I could donate for it now. ;D

If you want to donate to ME, now you can use link in my signature. Project Miranda NG as a whole doesn't receive donations, but you can donate your own time to help with various stuff :)

And about new stable answered watcher already. Once in a while whole development branch become stable, it's just like that :D
I was developing mainly Facebook, Omegle, Steam, Dummy and MobileState plugins. Now I'm retired. Goodbye, everyone. ~ You can still find me on Facebook.
 

Offline Testertime

Good to know again! Thank you both Robyer and watcher for your friendly and helpful answers.

And Robyer, you got a small appreciation from me. It's not the world, but I hope it's a very good sign for you that I'm thankful that people with your knowledge care about this project and bug reports. I can't help with coding, but I will at least let you know if I'm seeing a bug again.
 

Offline Robyer

And Robyer, you got a small appreciation from me.
Thank you, I appreciate it :)
I was developing mainly Facebook, Omegle, Steam, Dummy and MobileState plugins. Now I'm retired. Goodbye, everyone. ~ You can still find me on Facebook.