[Adium-devl] Security Hole? Fwd: Adium Query
David Smith
catfish.man at gmail.com
Fri Feb 3 10:00:38 UTC 2006
I just received the following email. It seems like a fairly major
hole, if true. http://trac.adiumx.com/ticket/2952 was filed about it.
David
Begin forwarded message:
> Recently whilst running the latest version of adium a friend of
> mine was
> able to do a massinvite, whereby all my private contacts where
> forced into a
> multi-user chat. I was told he used tirllian to do this.
The original description on the ticket:
Was in a group chat with 2 friends who are authorised contacts. One
of which executed a mass invite (somehow) at which point a good
majority of my contacts were forced into the same multiuser chat.
From chatting with 2 people, it ended up a chat environment with 35
odd clients.
I WAS LIKE OMFG!...... Apparantely the code was executed using a
trillian plugin???????
More information about the devel
mailing list