[IRCServices Coding] possible bug in 5.0.28 and below?

CyberDems cyberdems at cyberdems.za.net
Wed Mar 31 00:28:22 PST 2004

I'm reporting this as a possible bug:

When a nickname is registered and AUTH is enabled

    * Your nick is now XYZ
-> PRIVMSG NickServ :REGISTER abc123xyz your at email-address.com
   -NickServ- Nickname XYZ has been registered to you.
   -NickServ- An authentication code for your nickname has been sent to
your at email-address.com.
   -NickServ- When you receive this message, type /msg NickServ AUTH code
(replace code with the authentication code in the message) to complete your
nickname registration.
   -NickServ- Your password is abc123xyz -- remember this for later use.
   * Your nick is now ABC
   * Your nick is now XYZ
   * XYZ sets mode: +r
and it contains:  XYZ has identified for this nick

Notice I didn't identify, and yet i'm classified as identified with +r.

So in other words, the nickname is fully functional even though I have not
yet AUTH'ed, all it needs is a nickchange and it is concidered registered.
This could pose as fatal in situations involving spambots. For example: the
spambot registers its nick with a fake e-mail address, changes its nick, and
then changes it back, and its automatically registered, then it can privmsg
registered nicks with spam, join +R channels, etc. etc.

Hope this helps --