Syzop

#31625 of 53,632
8.1 CVSS total
Vulnerabilities · 1
PT-2017-9092
8.1
2017-01-18
Unrealircd · Unrealircd · CVE-2016-7144
**Name of the Vulnerable Software and Affected Versions**

UnrealIRCd versions prior to 3.2.10.7
UnrealIRCd versions 4.x prior to 4.0.6

**Description**

The issue allows remote attackers to spoof certificate fingerprints, enabling them to log in as another user. This is achieved by crafting the `AUTHENTICATE` parameter. The `m_authenticate` function in `modules/m_sasl.c` is specifically vulnerable to this type of attack.

**Recommendations**

For UnrealIRCd versions prior to 3.2.10.7, update to version 3.2.10.7 or later.
For UnrealIRCd versions 4.x prior to 4.0.6, update to version 4.0.6 or later.

As a temporary workaround, consider restricting access to the `m_authenticate` function until a patch is available. Avoid using the `AUTHENTICATE` parameter in a way that could be exploited by attackers.