[IRCServices Coding] possible bug in 5.0.28 and below?
CyberDems
cyberdems at cyberdems.za.net
Wed Mar 31 00:28:22 PST 2004
I'm reporting this as a possible bug:
When a nickname is registered and AUTH is enabled
* Your nick is now XYZ
-> PRIVMSG NickServ :REGISTER abc123xyz your at email-address.com
-NickServ- Nickname XYZ has been registered to you.
-NickServ- An authentication code for your nickname has been sent to
your at email-address.com.
-NickServ- When you receive this message, type /msg NickServ AUTH code
(replace code with the authentication code in the message) to complete your
nickname registration.
-NickServ- Your password is abc123xyz -- remember this for later use.
-> NICK ABC
* Your nick is now ABC
-> NICK XYZ
* Your nick is now XYZ
* XYZ sets mode: +r
-> WHOIS XYZ
and it contains: XYZ has identified for this nick
Notice I didn't identify, and yet i'm classified as identified with +r.
So in other words, the nickname is fully functional even though I have not
yet AUTH'ed, all it needs is a nickchange and it is concidered registered.
This could pose as fatal in situations involving spambots. For example: the
spambot registers its nick with a fake e-mail address, changes its nick, and
then changes it back, and its automatically registered, then it can privmsg
registered nicks with spam, join +R channels, etc. etc.
Hope this helps --
CyberDems
irc.rsachat.za.net