Required CVE Record Information
Description
The do_set_password function in modules/chanserv/set.c in IRC Services before 5.0.60 preserves channel founder privileges across a channel password change (ChanServ SET PASSWORD), which allows remote authenticated users to obtain the new password through automated e-mail, or perform privileged actions without knowing the new password.
References 5 Total
- lists.ircservices.za.net: [IRCServices] 20070324 Services 5.0.60 released mailing-list
- lists.ircservices.za.net: [IRCServices] 20070324 Regarding Founder Passwords mailing-list
- http://www.ircservices.za.net/Changes.txt
- exchange.xforce.ibmcloud.com: ircservices-doset-privilege-escalation(34945) vdb-entry
- osvdb.org: 41691 vdb-entry
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 5 Total
- lists.ircservices.za.net: [IRCServices] 20070324 Services 5.0.60 released mailing-listx_transferred
- lists.ircservices.za.net: [IRCServices] 20070324 Regarding Founder Passwords mailing-listx_transferred
- http://www.ircservices.za.net/Changes.txt x_transferred
- exchange.xforce.ibmcloud.com: ircservices-doset-privilege-escalation(34945) vdb-entryx_transferred
- osvdb.org: 41691 vdb-entryx_transferred