linuxdcpp-team team mailing list archive

Thread
Date

[Bug 1390988] Re: Username spoofing in chat

To: linuxdcpp-team@xxxxxxxxxxxxxxxxxxx
From: eMTee <1390988@xxxxxxxxxxxxxxxxxx>
Date: Sun, 07 Nov 2021 14:41:36 -0000
Reply-to: Bug 1390988 <1390988@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

I cannot reproduce this in any NMDC hubs I tried (e.g. PtokaX DC Hub
0.5.2.1) with two users using the latest DC++ version, one with the nick
"nick" and the other set to "nick>"; then I tested with one of the
client's nick set to "hubbot_name>". In both cases the nicks displayed
with the ">" symbol at the end changed to "_" and can be perfectly
distinguished in both clients.

The behavior described in this report should have already been fixed
with https://bazaar.launchpad.net/~dcplusplus-
team/dcplusplus/trunk/revision/611/client/NmdcHub.cpp#client/NmdcHub.cpp
and the fix is released with DC++ 0.692 so I'm not sure how this can
happen in 0.843 or any newer version.

-- 
You received this bug notification because you are a member of
Dcplusplus-team, which is subscribed to DC++.
https://bugs.launchpad.net/bugs/1390988

Title:
  Username spoofing in chat

Status in DC++:
  New

Bug description:
  ">" symbol at the end of a username gets stripped off while being
  displayed in public/private chat. So this will allow impersonation of
  users on chat. Check the attached screenshot. By connecting to the hub
  with the username "PtokaX>" (NMDC), all my public/private chat
  messages will appear to dcplusplus users as if they are from "PtokaX"
  itself.

  Version: 0.843
  Hub software used for testing: PtokaX 0.5.0.2
  OS: Windows XP SP3

To manage notifications about this bug go to:
https://bugs.launchpad.net/dcplusplus/+bug/1390988/+subscriptions

References

[Bug 1390988] [NEW] Username spoofing in chat
From: tunnelshade, 2014-11-09