Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

abuse of nickserv

From: nel74 () TIG COM AU (Nelson Little)
Date: Tue, 23 Mar 1999 22:13:29 -0800

Hi,

Many people that IRC on Dalnet have scripts which automatically identify
their nicknames via "/msg nickserv identify your_password" This works fine,
however,if you also IRC on Undernet you can run into a problem. Undernet
has no nickserv so if someone on Undenet decides to use the nick "nickserv"
they will be exposed to countless passwords from all the people that
automatically identify themselves. Once the evil user has these passwords
they can jump on Dalnet and steal that person's nick and change the
password. With a bit of brain power, and I won't go into how, they can also
abuse op in any channels that person has op access in.

Dalnet has been advised and starting on April 15th, you'll need to identify
to NickServ using /msg NickServ () services dal net IDENTIFY instead of just
using /msg NickServ IDENTIFY.

All the other IRC networks that I tested have a nickserv bot which halts
the abuse mentioned above.

Regards
Nelson
Previous By Date Next
Previous By Thread Next

Current thread: