Atheme IRC Services before 7.2.12, when used in conjunction with InspIRCd, allows authentication bypass by ending an IRC handshake at a certain point during a challenge-response login sequence.
References
Link | Resource |
---|---|
https://github.com/atheme/atheme/commit/4e664c75d0b280a052eb8b5e81aa41944e593c52 | Patch Third Party Advisory |
https://github.com/atheme/atheme/compare/v7.2.11...v7.2.12 | Patch Third Party Advisory |
https://www.openwall.com/lists/oss-security/2022/01/30/4 | Exploit Mailing List Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-02-13T06:20:02
Updated: 2022-02-13T06:20:02
Reserved: 2022-02-13T00:00:00
Link: CVE-2022-24976
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-02-14T12:15:27.680
Modified: 2022-02-23T15:51:09.573
Link: CVE-2022-24976
JSON object: View
Redhat Information
No data.
CWE