
Antoine Beaupré

#19149 of 53,633
14 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2016-7233
5.9
2016-09-08
Inspircd · Inspircd · CVE-2016-7142
**Name of the Vulnerable Software and Affected Versions**
InspIRCd versions prior to 2.0.23

**Description**
The issue allows remote attackers to spoof certificate fingerprints, enabling them to log in as another user by sending a crafted SASL message when the `m_sasl` module is used with a service that supports SASL EXTERNAL authentication.

**Recommendations**
For versions prior to 2.0.23, update to version 2.0.23 or later to resolve the issue.
PT-2016-7234
8.1
2016-09-06
Charybdis · Charybdis · CVE-2016-7143
**Name of the Vulnerable Software and Affected Versions**
Charybdis versions prior to 3.5.3

**Description**
The issue allows remote attackers to spoof certificate fingerprints, enabling them to log in as another user. This is achieved by crafting the `AUTHENTICATE` parameter. The `m_authenticate` function in `modules/m_sasl.c` is specifically vulnerable to this type of attack.

**Recommendations**
For versions prior to 3.5.3, update to version 3.5.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the `m_authenticate` function until a patch is applied. Avoid using the crafted `AUTHENTICATE` parameter in the affected module until the issue is resolved.