[IRCServices Coding] possible bug in 5.0.28 and below?
Andrew Church
achurch at achurch.org
Wed Mar 31 20:46:02 PST 2004
Fixed for 5.0.30, thanks for the report.
--Andrew Church
achurch at achurch.org
http://achurch.org/
>I'm reporting this as a possible bug:
>
>When a nickname is registered and AUTH is enabled
>
> * Your nick is now XYZ
>-> PRIVMSG NickServ :REGISTER abc123xyz your at email-address.com
> -NickServ- Nickname XYZ has been registered to you.
> -NickServ- An authentication code for your nickname has been sent to
>your at email-address.com.
> -NickServ- When you receive this message, type /msg NickServ AUTH code
>(replace code with the authentication code in the message) to complete your
>nickname registration.
> -NickServ- Your password is abc123xyz -- remember this for later use.
>-> NICK ABC
> * Your nick is now ABC
>-> NICK XYZ
> * Your nick is now XYZ
> * XYZ sets mode: +r
>-> WHOIS XYZ
>and it contains: XYZ has identified for this nick
>
>Notice I didn't identify, and yet i'm classified as identified with +r.
>
>So in other words, the nickname is fully functional even though I have not
>yet AUTH'ed, all it needs is a nickchange and it is concidered registered.
>This could pose as fatal in situations involving spambots. For example: the
>spambot registers its nick with a fake e-mail address, changes its nick, and
>then changes it back, and its automatically registered, then it can privmsg
>registered nicks with spam, join +R channels, etc. etc.
>
>Hope this helps --
>CyberDems
>irc.rsachat.za.net
>
>
>------------------------------------------------------------------
>To unsubscribe or change your subscription options, visit:
>http://www.ircservices.za.net/mailman/listinfo/ircservices-coding