Opened 9 years ago

Closed 8 years ago

#3454 closed defect (fixed)

Using real JID in MUC for getting info

Reported by: shir Owned by: asterix
Priority: normal Milestone: 0.12
Component: None Version: hg
Severity: critical Keywords:
Cc: Blocked By:
Blocking: OS: All

Description

If in a MUC I know the real JID of a user, then for getting info Gajim uses my real JID to get the vCard and status info. So the user in the MUC can know my real JID.

Change History (8)

comment:1 follow-ups: Changed 9 years ago by asterix

vCards are requested from the user's server, not from the user directly. So he can't know your real JID via vCard. But he can, because we also request OS information and client information.

We did that because some MUC components don't forward vCard requests, so we can't see avatars, even in non-anonymous rooms. See [67c0422119e2169170a34e87ef2f524bfdf79eec]

comment:2 in reply to: ↑ 1 Changed 9 years ago by anonymous

In one MUC where I am a moderator, a user knows my real JID. He said that he had requests about his status from my real JID, but I don't have this user in my roster, only in this MUC.

comment:3 Changed 9 years ago by asterix

You're right, it's what is explained in XEP-0045.

comment:4 Changed 9 years ago by shir

It says there that the user must send his JID to the moderator, but the moderator mustn't send his JID to the user.

comment:5 in reply to: ↑ 1 Changed 8 years ago by Jim++

comment:6 Changed 8 years ago by Jim++

  • Milestone set to 0.12
  • Severity changed from normal to critical
  • Version set to svn

comment:7 Changed 8 years ago by anonymous

This is a serious security flaw. I am admin of a semi-anonymous room, in which I banned one participant for causing trouble.

This person sought revenge by flooding me with thousands of messages *direct to my JID*, which he easily discovered because of this bug.

In an anonymous room this does not matter, but the XEP says for a semi-anonymous room (where only admins and moderators can see JIDs) that:

"If an occupant wants to send an IQ stanza to another user in a semi-anonymous room, the sender can direct the stanza to the recipient's room JID and the service MAY forward the stanza to the recipient's real JID. However, a MUC service MUST NOT reveal the sender's real JID to the recipient at any time, nor reveal the recipient's real JID to the sender."

This may or may not apply to vCards, where you actually send an IQ to the user's server. Only if the user has access to the server can they find your JID then. This is a trade-off between being able to see some people's avatars, or preserving your anonymity.

I hope there are now no doubts that this should be fixed immediately.

comment:8 Changed 8 years ago by asterix

  • Resolution set to fixed
  • Status changed from new to closed

(In [edbc4015de6e1472ab18f063ed29c455103ed77b]) don't request jabber:iq:last and jabber:iq:version to real jid in a (semi) anonymous room, even if we're moderator and we know the real JID. Fixes #3454
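The rule the fix above applies, as an added Python example (not Gajim's code, and not taken from the commit): a client decides where to address a jabber:iq:version or jabber:iq:last request, and falls back to the occupant's room JID unless the room advertises itself as non-anonymous, even when a moderator already knows the real JID. The feature names `muc_nonanonymous` and `muc_semianonymous` are the XEP-0045 disco#info features; the `RoomInfo` structure and the sample room data are assumptions made for this example.

```python
# Added example, not Gajim's code: pick the address for an IQ request to a
# MUC occupant so that the requester's own real JID is not exposed in a
# (semi-)anonymous room. Feature strings follow XEP-0045 disco#info.
from dataclasses import dataclass, field
import xml.etree.ElementTree as ET

NONANONYMOUS = "muc_nonanonymous"    # room reveals real JIDs to everyone
SEMIANONYMOUS = "muc_semianonymous"  # only admins/moderators see real JIDs


@dataclass
class RoomInfo:
    """Constructed view of a room: its bare JID, the disco#info features it
    advertises, and the nick -> real JID map a moderator may have learned."""
    jid: str
    features: set = field(default_factory=set)
    real_jids: dict = field(default_factory=dict)


def iq_target(room: RoomInfo, nick: str) -> str:
    """Return the JID an IQ for `nick` should be sent to.

    Knowing the real JID (a moderator privilege) is not enough: an IQ sent
    from our own account to that JID would carry our real JID as `from`,
    which is exactly the leak reported in this ticket. Only a room that
    declares itself non-anonymous may be short-cut to the real JID.
    """
    real = room.real_jids.get(nick)
    if real and NONANONYMOUS in room.features:
        return real
    return f"{room.jid}/{nick}"


def build_version_iq(room: RoomInfo, nick: str, iq_id: str) -> str:
    """Build a jabber:iq:version request addressed via iq_target()."""
    iq = ET.Element("iq", {"type": "get", "to": iq_target(room, nick), "id": iq_id})
    ET.SubElement(iq, "query", {"xmlns": "jabber:iq:version"})
    return ET.tostring(iq, encoding="unicode")


if __name__ == "__main__":
    # Constructed sample: a semi-anonymous room where we, as moderator,
    # know the banned occupant's real JID. The IQ still goes via the room.
    semi = RoomInfo("room@conference.example.org", {SEMIANONYMOUS},
                    {"troll": "troll@example.net"})
    print(build_version_iq(semi, "troll", "v1"))
```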
