CVE-2016-7144

Name of the Vulnerable Software and Affected Versions UnrealIRCd versions prior to 3.2.10.7 UnrealIRCd versions 4.x prior to 4.0.6

Description The issue allows remote attackers to spoof certificate fingerprints, enabling them to log in as another user. This is achieved by crafting the AUTHENTICATE parameter. The m authenticate function in modules/m sasl.c is specifically vulnerable to this type of attack.

Recommendations For UnrealIRCd versions prior to 3.2.10.7, update to version 3.2.10.7 or later. For UnrealIRCd versions 4.x prior to 4.0.6, update to version 4.0.6 or later. As a temporary workaround, consider restricting access to the m authenticate function until a patch is available. Avoid using the AUTHENTICATE parameter in a way that could be exploited by attackers.