[IRCServices Coding] possible bug in 5.0.28 and below?

Andrew Church achurch at achurch.org
Wed Mar 31 20:46:02 PST 2004

     Fixed for 5.0.30, thanks for the report.

  --Andrew Church
    achurch at achurch.org

>I'm reporting this as a possible bug:
>When a nickname is registered and AUTH is enabled
>    * Your nick is now XYZ
>-> PRIVMSG NickServ :REGISTER abc123xyz your at email-address.com
>   -NickServ- Nickname XYZ has been registered to you.
>   -NickServ- An authentication code for your nickname has been sent to
>your at email-address.com.
>   -NickServ- When you receive this message, type /msg NickServ AUTH code
>(replace code with the authentication code in the message) to complete your
>nickname registration.
>   -NickServ- Your password is abc123xyz -- remember this for later use.
>   * Your nick is now ABC
>   * Your nick is now XYZ
>   * XYZ sets mode: +r
>and it contains:  XYZ has identified for this nick
>Notice I didn't identify, and yet i'm classified as identified with +r.
>So in other words, the nickname is fully functional even though I have not
>yet AUTH'ed, all it needs is a nickchange and it is concidered registered.
>This could pose as fatal in situations involving spambots. For example: the
>spambot registers its nick with a fake e-mail address, changes its nick, and
>then changes it back, and its automatically registered, then it can privmsg
>registered nicks with spam, join +R channels, etc. etc.
>Hope this helps --
>To unsubscribe or change your subscription options, visit: