View Issue Details

IDProjectCategoryView StatusLast Update
0003372unrealircdpublic2019-10-14 15:09
ReporterStealthAssigned Tosyzop 
PrioritynormalSeverityfeatureReproducibilityalways
Status resolvedResolutionfixed 
Platform*OS*OS Version*
Product Version3.3-alpha0 
Target VersionFixed in Version5.0.0-beta1 
Summary0003372: Assume password is sent when allow::password is sslclientcert and client is SSL
DescriptionInteresting thought I had, was to assume there was a password sent when a user connects with SSL, and matches an allow block that auths with the cert.

Seems kinda pointless when setting up a private server to use SSL auth and still tell the users they need to send something as a password
TagsNo tags attached.
3rd party modules

Activities

syzop

2019-10-14 15:09

administrator   ~0020968

Added 12,5 years later:

commit 446f9a89c364a57e584754b1a9ffebeb29a0dec6 (HEAD -> unreal50)
Author: Bram Matthys <syzop@vulnscan.org>
Date: Mon Oct 14 15:08:37 2019 +0200

    Assume password is sent when allow::password is cert/certfp and client
    has a SSL/TLS fingerprint. Reported by Stealth in:
    https://bugs.unrealircd.org/view.php?id=3372

Issue History

Date Modified Username Field Change
2007-05-29 18:59 Stealth New Issue
2007-05-30 04:46 stskeeps Status new => acknowledged
2015-08-08 17:52 syzop Severity minor => feature
2019-10-14 15:09 syzop Assigned To => syzop
2019-10-14 15:09 syzop Status acknowledged => resolved
2019-10-14 15:09 syzop Resolution open => fixed
2019-10-14 15:09 syzop Fixed in Version => 5.0.0-beta1
2019-10-14 15:09 syzop Note Added: 0020968