PT-2022-17023 · Unknown+2 · Atheme Irc Services+2

Ed Kellett

Published

2022-02-13

Updated

2024-06-15

CVE-2022-24976

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Atheme IRC Services versions prior to 7.2.12

Description The issue allows authentication bypass by ending an IRC handshake at a certain point during a challenge-response login sequence when Atheme IRC Services is used in conjunction with InspIRCd.

Recommendations For versions prior to 7.2.12, update to version 7.2.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the challenge-response login sequence to minimize the risk of exploitation.

Exploit

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2022-24976

OPENSUSE-SU-2022:10018-1

OPENSUSE-SU-2022:10019-1

OPENSUSE-SU-2024:11848-1

Affected Products

Atheme Irc Services

Debian

Inspircd

PT-2022-17023 · Unknown+2 · Atheme Irc Services+2

CVE-2022-24976

Weakness Enumeration

Related Identifiers

Affected Products

References · 21