View Issue Details

IDProjectCategoryView StatusLast Update
0005108unrealircdpublic2018-09-02 11:25
ReportersyzopAssigned Tosyzop 
PrioritynormalSeverityfeatureReproducibilityN/A
Status resolvedResolutionfixed 
Product Version4.0.18 
Target Version4.2.0Fixed in Version4.2.0 
Summary0005108: plaintext-policy: permit localhost oper/client
DescriptionFor the OPER and client SSL-only restriction, it may be useful to exempt localhost here as well, just like we did for server connections.
This allows things like BOPM/HOPM via localhost while still requiring SSL for non-localhost.
TagsNo tags attached.
3rd party modules

Activities

syzop

2018-09-02 11:25

administrator   ~0020244

https://github.com/unrealircd/unrealircd/commit/b1b73e0e562664375d772c179d79a96be39f070e

commit b1b73e0e562664375d772c179d79a96be39f070e (HEAD -> unreal40, origin/unreal40, origin/HEAD)
Author: Bram Matthys <syzop@vulnscan.org>
Date: Sun Sep 2 11:24:19 2018 +0200

    * Localhost connections are considered secure, so these can be used even
      if you have a plaintext-policy of 'deny' or 'warn'. (This was already
      the case for servers, but now also for users and opers)
    https://bugs.unrealircd.org/view.php?id=5108

Issue History

Date Modified Username Field Change
2018-06-23 08:36 syzop New Issue
2018-06-23 08:38 syzop Status new => acknowledged
2018-06-23 08:38 syzop Target Version => 4.2.0
2018-07-14 16:35 syzop Sticky Issue No => Yes
2018-09-02 11:25 syzop Assigned To => syzop
2018-09-02 11:25 syzop Status acknowledged => resolved
2018-09-02 11:25 syzop Resolution open => fixed
2018-09-02 11:25 syzop Fixed in Version => 4.2.0
2018-09-02 11:25 syzop Note Added: 0020244