Mxsa

**Name of the Vulnerable Software and Affected Versions** IR Rd versions 4.2.0 through 4.2.2 **Description** The issue is related to the Internet Routing Registry daemon version 4, which is an IRR database server processing IRR objects in the RPSL format. IRRd did not always filter password hashes in query responses relating to `mntner` objects and database exports. This may have allowed adversaries to retrieve some of these hashes, perform a brute-force search for the clear-text passphrase, and use these to make unauthorized changes to affected IRR objects. The issue only affected instances that process password hashes, which means it is limited to IRRd instances that serve authoritative databases. IRRd instances operating solely as mirrors of other IRR databases are not affected. **Recommendations** For IRRd versions 4.2.0 through 4.2.2, users are strongly recommended to upgrade to version 4.2.3 or the main branch. As a temporary workaround, consider restricting access to the `auth` field on `mntner` objects and the `objectText` field on the `journal` field on `mntner` objects to minimize the risk of exploitation. Alternatively, but not recommended, apply the patch manually for version 4.2.x.