Bugtraq mailing list archives
abuse of nickserv
From: nel74 () TIG COM AU (Nelson Little)
Date: Tue, 23 Mar 1999 22:13:29 -0800
Hi, Many people that IRC on Dalnet have scripts which automatically identify their nicknames via "/msg nickserv identify your_password" This works fine, however,if you also IRC on Undernet you can run into a problem. Undernet has no nickserv so if someone on Undenet decides to use the nick "nickserv" they will be exposed to countless passwords from all the people that automatically identify themselves. Once the evil user has these passwords they can jump on Dalnet and steal that person's nick and change the password. With a bit of brain power, and I won't go into how, they can also abuse op in any channels that person has op access in. Dalnet has been advised and starting on April 15th, you'll need to identify to NickServ using /msg NickServ () services dal net IDENTIFY instead of just using /msg NickServ IDENTIFY. All the other IRC networks that I tested have a nickserv bot which halts the abuse mentioned above. Regards Nelson
Current thread:
- X11R6 NetBSD Security Problem in.telnetd (Mar 21)
- Re: X11R6 NetBSD Security Problem in.telnetd (Mar 21)
- Re: X11R6 NetBSD Security Problem Petras Sinkevicius (Mar 26)
- FrontPage + Apache + FreeBSD Gregory A. Carter (Mar 22)
- ANNOUNCE: New Security Tool: HostSentry 0.02 Alpha Craig H. Rowland (Mar 25)
- Re: FrontPage + Apache + FreeBSD Roberto Grassi (Mar 26)
- Re: FrontPage + Apache + FreeBSD Gregory A. Carter (Mar 26)
- abuse of nickserv Nelson Little (Mar 23)
- Linux 2.2.3 patch to prevent FIN/NULL/XMAS scans Taral (Mar 24)
- not only NetBSD [was Re: X11R6 NetBSD Security Problem] Pavel Machek (Mar 26)
- Re: X11R6 NetBSD Security Problem Matthieu Herrb (Mar 26)
- Re: X11R6 NetBSD Security Problem Kevin Vajk (Mar 28)
- wu-ftp 2.4.2 (release VR16) /bin/ftponly [ (Mar 27)
- SuSE Security Announcement - XFree86 Marc Heuse (Mar 28)
- <Possible follow-ups>
- Re: X11R6 NetBSD Security Problem /usr/libexec/telnetd (Mar 25)
- Re: X11R6 NetBSD Security Problem in.telnetd (Mar 21)