InspIRCd < 2.0.23 'm_sasl' Module SASL_EXTERNAL Authentication Spoofing Vulnerability

InspIRCd is prone to an authentication spoofing vulnerability. Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software...

CVE-2016-7142

The msasl module in InspIRCd before 2.0.23, when used with a service that supports SASLEXTERNAL authentication, allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted SASL message...

Authentication flaw

The msasl module in InspIRCd before 2.0.23, when used with a service that supports SASLEXTERNAL authentication, allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted SASL message...

CVE-2016-7142

The msasl module in InspIRCd before 2.0.23, when used with a service that supports SASLEXTERNAL authentication, allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted SASL message...

CVE-2016-7142

CVE-2016-7142 describes an authentication spoofing flaw in the InspIRCd m_sasl module prior to 2.0.23 when used with a SASL_EXTERNAL service. A remote attacker can craft a SASL message to spoof certificate fingerprints and log in as another user. Multiple connected sources (OSV entries and NVD) c...