{"id":"CVE-2016-7142","details":"The m_sasl module in InspIRCd before 2.0.23, when used with a service that supports SASL_EXTERNAL authentication, allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted SASL message.","modified":"2026-04-11T05:00:44.772695Z","published":"2016-09-26T15:59:03.267Z","references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2016/09/04/3"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2016/09/05/8"},{"type":"ADVISORY","url":"http://www.debian.org/security/2016/dsa-3662"},{"type":"ADVISORY","url":"http://www.inspircd.org/2016/09/03/v2023-released.html"},{"type":"FIX","url":"https://github.com/inspircd/inspircd/commit/74fafb7f11b06747f69f182ad5e3769b665eea7a"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/inspircd/inspircd","events":[{"introduced":"0"},{"last_affected":"c7a26bc21629ddd4103dac1ff7f9acf45a2c4d35"},{"fixed":"74fafb7f11b06747f69f182ad5e3769b665eea7a"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.0.22"}]}}],"versions":["v1.0.0","v1.0.1","v1.0.2","v1.0.3","v1.1.0","v1.1.0a1","v1.1.0b1","v1.1.0b2","v1.1.0b3","v1.1.0b4","v1.1.0b5","v1.1.0b6","v1.1.0b6.1","v1.1.0b7","v1.1.0b8","v1.1.0b9","v1.1.0fork","v1.1.1","v1.1.10","v1.1.2","v1.1.3","v1.1.4","v1.1.5","v1.1.6","v1.1.7","v1.1.8","v1.1.9","v1.2.0","v1.2.0a1","v1.2.0a2","v1.2.0a3","v1.2.0a4","v1.2.0a5","v1.2.0a6","v1.2.0b1","v1.2.0b2","v1.2.0b3","v1.2.0b4","v1.2.0fork","v1.2.0rc1","v1.2.0rc2","v1.2.0rc3","v1.2.0rc4","v1.2.0rc5","v2.0.0","v2.0.0a1","v2.0.0a2","v2.0.0b1","v2.0.0b2","v2.0.0b3","v2.0.0b4","v2.0.0rc1","v2.0.0rc2","v2.0.1","v2.0.10","v2.0.11","v2.0.12","v2.0.13","v2.0.14","v2.0.15","v2.0.16","v2.0.17","v2.0.18","v2.0.19","v2.0.2","v2.0.20","v2.0.21","v2.0.22","v2.0.3","v2.0.4","v2.0.5","v2.0.6rc1","v2.0.7","v2.0.8","v2.0.9","v2.0fork"],"database_specific":{"vanir_signatures":[{"signature_version":"v1","target":{"file":"src/modules/m_sasl.cpp"},"signature_type":"Line","source":"https://github.com/inspircd/inspircd/commit/74fafb7f11b06747f69f182ad5e3769b665eea7a","digest":{"threshold":0.9,"line_hashes":["228079100025838756566783257419945490230","199453309722348137967308897277233626545","75568141879148473872567936027356473789","229948159184132439404118629736615035392","291717704696387397784739008266277477665","140736679419546910721805029205819158161","161847622082612713858670827218507998792"]},"deprecated":false,"id":"CVE-2016-7142-c365f1aa"}],"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0"}]}],"vanir_signatures_modified":"2026-04-11T05:00:44Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-7142.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}