View Issue Details

ID: 0004283
Project: unrealircd
Category:
View Status: public
Last Update: 2014-03-14 01:14
Reporter: peterkingalexander
Assigned To: nenolod
Status: resolved
Resolution: fixed
Product Version: 3.2.10.1
Fixed in Version: 3.4-alpha1
Summary: 0004283: CAP Negotiation can be used to bypass PING cookie
Description: Summary says it all really, but basically a client can send CAP LS, NICK, USER, CAP END and not have to send PONG <cookie> to connect, allowing malicious code to bypass the PING cookie IP spoof protection.
Steps To Reproduce:
telnet <server> 6667
NICK SomeNick
USER User meh meh :Gecos
Tags: No tags attached.
3rd party modules
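The registration gate this report concerns, modelled as an added example (not UnrealIRCd's code and not part of the original issue). The struct, function names and the assumed cause (a CAP END handler with its own, shorter precondition list) are hypothetical; the report only states the observable behaviour. The hardened variant routes every handler through one gate that includes the cookie.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of a pre-registration client; not UnrealIRCd's structures. */
struct client {
    bool has_nick, has_user;
    bool cap_open;       /* CAP LS seen, CAP END not yet */
    bool cookie_pending; /* PING cookie sent, matching PONG not yet received */
    bool registered;
};

/* Single gate: every precondition, including the cookie, checked in one place. */
static bool may_register(const struct client *c) {
    return c->has_nick && c->has_user && !c->cap_open && !c->cookie_pending;
}

/* Feed one client line; `hardened` selects which CAP END handler is modelled. */
static void feed(struct client *c, const char *line, bool hardened) {
    if (strncmp(line, "CAP LS", 6) == 0) {
        c->cap_open = true;
    } else if (strncmp(line, "NICK ", 5) == 0) {
        if (!c->has_nick) c->cookie_pending = true; /* server sends PING :<cookie> */
        c->has_nick = true;
    } else if (strncmp(line, "USER ", 5) == 0) {
        c->has_user = true;
    } else if (strncmp(line, "PONG ", 5) == 0) {
        c->cookie_pending = false; /* cookie comparison elided: assume it matches */
    } else if (strncmp(line, "CAP END", 7) == 0) {
        c->cap_open = false;
        /* Assumed flaw: this handler completes registration without the cookie check. */
        if (!hardened && c->has_nick && c->has_user) c->registered = true;
    }
    if (may_register(c)) c->registered = true;
}

/* Run a session; returns whether the client ended up registered. */
static bool run(const char *const *lines, int n, bool hardened) {
    struct client c = {0};
    for (int i = 0; i < n; i++) feed(&c, lines[i], hardened);
    return c.registered;
}
/* Constructed sessions: one that never answers the PING, one that does. */
static const char *const NO_PONG[] = {"CAP LS", "NICK SomeNick", "USER User meh meh :Gecos", "CAP END"};
static const char *const WITH_PONG[] = {"CAP LS", "NICK SomeNick", "USER User meh meh :Gecos", "PONG :cookie", "CAP END"};
int main(void) {
    printf("no PONG: flawed=%d hardened=%d\n", run(NO_PONG, 4, false), run(NO_PONG, 4, true));
    return 0;
}
```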



2013-06-26 20:24

administrator   ~0018008

Fortunately 99% of the people run OS's that have no (known) weak ISN.

Still, this also means HTTP POST protection can be bypassed, oh well.. actually not.. because that's caught by another module ;p.

Still.. should be fixed. nenolod? you added the code, so you probably know where the problem lies.

Btw, I would swear I tested this, because it was so logical that this would happen :p.


2013-08-05 02:13

reporter   ~0018009


I think it should be fixed out of principle if nothing else, it's still a weakness even if it is minor.

My 2¢ :)


2013-09-21 08:08

reporter   ~0018010

Issue History

Date Modified Username Field Change
2014-03-14 01:14 peterkingalexander New Issue
2014-03-14 01:14 peterkingalexander Issue generated from: 0004222