View Issue Details

IDProjectCategoryView StatusLast Update
0001377Anope Development (1.9.x series)Chanservpublic2012-02-19 00:23
Reporterzenit Assigned ToAdam  
PrioritynormalSeverityminorReproducibilityalways
Status resolvedResolutionfixed 
PlatformLinuxOSDebian 
Summary0001377: serious security failure
DescriptionWhen you add a nickname to the access list and that nick is not registered, is added to the access list as: nick!*@*. Any person entering with that nick @ unregistered received in the channel. I think it is a serious security failure.

CHaN- Access list for #Channel:
CHaN- Number Level Mask
CHaN- 1 10 FON
CHaN- 2 5 Rovsii
CHaN- 3 5 jdack_kalo
CHaN- 4 5 yulisa
CHaN- 5 5 CovRaL
CHaN- 6 5 rexulako-xulo!*@*
CHaN- 7 10 PROvHIBIDA
CHaN- 8 10 rubi
CHaN- 9 5 marresita!*@*
CHaN- 10 5 byujitaa
CHaN- 11 10 MALU
CHaN- 12 5 X
CHaN- 13 5 MUSA_KALI
CHaN- 14 5 KAPEvRUCIvTA
CHaN- 15 5 LvA_SIN_LEY
CHaN- End of access list

Nicks rexulako-xulo!*@* And marresita!*@* are not registered and can be added to the access list, @ Automatically receive when they enter the channel.


Anope 1.9.6
TagsNo tags attached.

Activities

Adam

2012-02-19 00:23

administrator   ~0006084

OK I've changed this in 1536c5cf60dd183fb5c98651decde381a91ada44 to add the displayed host of the user to the access list if they are not registered, and if no such user is online it will error with the standard Nick x is not registered. This is hardly a "serious security failure" though.

zenit

2012-02-11 00:17

reporter   ~0006083

noita!hola@ip added to #ChatGratis access list at level 5.

*** Joins: noita (ChatPolis@GrupoChatGratis-495.40n.0iljsv.IP)


-CHaN- noita!ChatPolis@* added to #ChatGratis access list at level 5.

*** CHaN sets mode: +o noita

This should not be so, if a nick is not registered, by adding access should leave: This nick not registered

Adam

2012-02-10 22:26

administrator   ~0006082

This is intentional. Remove it and add back an entry using ident/host/something more secure?

Issue History

Date Modified Username Field Change
2012-02-10 22:12 zenit New Issue
2012-02-10 22:26 Adam Note Added: 0006082
2012-02-11 00:17 zenit Note Added: 0006083
2012-02-11 01:00 Adam Assigned To => Adam
2012-02-11 01:00 Adam Priority urgent => normal
2012-02-11 01:00 Adam Status new => acknowledged
2012-02-19 00:23 Adam Note Added: 0006084
2012-02-19 00:23 Adam Severity major => minor
2012-02-19 00:23 Adam Status acknowledged => resolved
2012-02-19 00:23 Adam Resolution open => fixed