[IRCServices] Check password without IDENTIFY

Craig McLure Craig at frostycoolslug.com
Sun May 30 18:41:00 PDT 2004 

I feel this needs to be pointed out,

Currently, Nickserv generally kills users after 5 invalid passwords. This module apparently provides a way for users to 'test' passwords without any cause for alarm.

This also means people will be able to brute force passwords using this command.

I thought i would point this out as it can be concidered a threat.

/****************************************
 *     Craig "FrostyCoolSlug" McLure
 *       Craig at FrostyCoolSlug.com
 * InspIRCd   - http://www.inspircd.org
 * ChatSpike  - http://www.chatspike.net
 ****************************************/


/****************************************
 * From    - Mark van Cuijk <mark at phedny.net>
 * To      - IRC Services General Mailing List <ircservices at ircservices.za.net>
 * Sent    - 2004-05-30 18:07:18
 * Subject - Re: [IRCServices] Check password without IDENTIFY
 ****************************************/

/****** - Begin Original Message - ******/

>Hi,
>
>Today I got myself familiar with module programming for services and 
>wrote a module that does what I want.
>
>Although I didn't write any documentation yet, for those who want to 
>experiment with it the module is available for download:
>http://www.phedny.net/~mark/testpass.tar.gz and 
>http://www.phedny.net/~mark/testpass.tar.bz2
>
>Untar the file into the services source dir and do a make, make install.
>Then add "LoadModule testpass/main" to the end of the ircservices.conf 
>file (at least after loading NickServ / ChanServ).
>
>The TESTPASS command is not added to any HELP command, but is available 
>for both NickServ and ChanServ:
>/msg NickServ TESTPASS <user> <password>
>/msg ChanServ TESTPASS <channel> <password>
>
>The commands are only available for Services Admins.
>
>- Mark
>
>------------------------------------------------------------------
>To unsubscribe or change your subscription options, visit:
>http://www.ircservices.za.net/mailman/listinfo/ircservices
>.

/******* - End Original Message - *******/