CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2016-7145

The m_authenticate function in ircd/m_authenticate.c in nefarious2 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 57.6%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

http://www.openwall.com/lists/oss-security/2016/09/05/9
https://github.com/evilnet/nefarious2/commit/f50a84bad996d438e7b31b9e74c32a41e43f8be5
http://www.openwall.com/lists/oss-security/2016/09/05/9
https://github.com/evilnet/nefarious2/commit/f50a84bad996d438e7b31b9e74c32a41e43f8be5

Products affected by CVE-2016-7145

Nefarious2 Project » Nefarious2 » Version: 2.0

cpe:2.3:a:nefarious2_project:nefarious2:2.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-7145

Products

Pricing

Contact Us