CVE-2016-7142

Published: Sep 26, 2016

Modified: Aug 6, 2024

PUBLISHED

Description

The m_sasl module in InspIRCd before 2.0.23, when used with a service that supports SASL_EXTERNAL authentication, allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted SASL message.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.inspircd.org/2016/09/03/v2023-released.html

x_refsource_CONFIRM

https://github.com/inspircd/inspircd/commit/74fafb7f11b06747f69f182ad5e3769b665eea7a

x_refsource_CONFIRM

[oss-security] 20160905 Re: CVE ID request: certificate spoofing through crafted SASL message in inspircd, charybdis

mailing-list

x_refsource_MLIST

[oss-security] 20160904 CVE ID request: certificate spoofing through crafted SASL message in inspircd, charybdis

mailing-list

x_refsource_MLIST

DSA-3662

vendor-advisory

x_refsource_DEBIAN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2016-7142

Description

Affected Products

References