351098 – Unpair requests can be spoofed from any device

Bug 351098 - Unpair requests can be spoofed from any device

Summary: Unpair requests can be spoofed from any device

Status:	RESOLVED FIXED

Alias:	None

Product:	kdeconnect
Classification:	Applications
Component:	common (other bugs)
Version First Reported In:	unspecified
Platform:	Other All

Importance:	NOR normal
Target Milestone:	---
Assignee:	Albert Vaca Cintora

URL:
Keywords:

Depends on:
Blocks:

Reported:	2015-08-08 22:15 UTC by Lennart Grahl
Modified:	2018-07-24 12:25 UTC (History)
CC List:	1 user (show)

See Also:
Latest Commit:
Version Fixed/Implemented In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Lennart Grahl 2015-08-08 22:15:22 UTC

I'm currently writing an alternative implementation of KDE connect in Python. While going through the code, one thing that catched my attention was that `pair` type messages with `pair` set to `False` (essentially an unpair request) have no challenge or any other sort of mechanism that would prevent other devices from spoofing an unpair request. Has this just been overlooked or is there a specific reason for allowing this?

Reproducible: Always

Comment 1 Albert Vaca Cintora 2015-08-16 01:18:23 UTC

This is indeed a code bug and a security problem. We are working on a re-write of the pairing and encryption code, so we will include a fix for this in the new code. Thanks!