Lucene search
Veracode Vulnerability DatabaseVERACODE:28381HistoryDec 06, 2020 - 4:19 a.m.
Authentication Bypass
2020-12-0604:19:22
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
12
charybdis
authentication
bypass
vulnerability
m_authenticate
remote attackers
EPSS
0.011
Percentile
84.6%
charybdis is vulnerable to authentication bypass. The m_authenticate function in modules/m_sasl.c allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a malicious AUTHENTICATE parameter.
References
www.debian.org/security/2016/dsa-3661
www.openwall.com/lists/oss-security/2016/09/04/3
www.openwall.com/lists/oss-security/2016/09/05/8
www.securityfocus.com/bid/92761
github.com/charybdis-ircd/charybdis/blob/charybdis-3.5.3/NEWS.md
github.com/charybdis-ircd/charybdis/commit/818a3fda944b26d4814132cee14cfda4ea4aa824
security-tracker.debian.org/tracker/CVE-2016-7143
Related
osv
osv
charybdis - security update
2016-09-06 00:00:00
solanum-0~ch448-1.4 on GA media
2024-06-15 00:00:00
charybdis-3.5.3-2.1 on GA media
2024-06-15 00:00:00
nessus
nessus
Debian DSA-3661-1 : charybdis - security update
2016-09-08 00:00:00
nvd
nvd
CVE-2016-7143
2016-09-21 14:25:26
cve
cve
CVE-2016-7143
2016-09-21 14:25:26
cvelist
cvelist
CVE-2016-7143
2016-09-21 14:00:00
debian
debian
[SECURITY] [DSA 3661-1] charybdis security update
2016-09-06 20:14:11
openvas
openvas
Debian: Security Advisory (DSA-3661-1)
2016-09-05 00:00:00
Debian Security Advisory DSA 3661-1 (charybdis - security update)
2016-09-06 00:00:00
prion
prion
Code injection
2016-09-21 14:25:00
ubuntucve
ubuntucve
CVE-2016-7143
2016-09-21 00:00:00
debiancve
debiancve
CVE-2016-7143
2016-09-21 14:25:26