View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0004283||unreal||ircd||public||2014-03-14 01:14||2014-03-14 01:14|
|Fixed in Version||3.4-alpha1|
|Summary||0004283: CAP Negotiation can be used to bypass PING cookie|
|Description||Summary says it all really but basically a client can send CAP LS, NICK, USER, CAP END and not have to send PONG <cookie> to connect. Allowing malicious code to bypass the PING cookie IP spoof protection.|
|Steps To Reproduce||telnet <server> 6667|
USER User meh meh :Gecos
|Tags||No tags attached.|
|3rd party modules|
Fortunately 99% of the people run OS's that have no (known) weak ISN.
Still, this also means HTTP POST protection can be bypassed, oh well.. actually not.. because that's caught by another module ;p.
Still.. should be fixed. nenolod? you added the code, so you probably know where the problem lies.
Btw, I would swear I tested this, because it was so logical that this would happen :p.
I think it should be fixed out of principle if nothing else, its still a weakness even if it is minor.
My 2¢ :)