{"id":"CVE-2016-7144","details":"The m_authenticate function in modules/m_sasl.c in UnrealIRCd before 3.2.10.7 and 4.x before 4.0.6 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter.","modified":"2026-04-11T05:00:57.371629Z","published":"2017-01-18T17:59:00.560Z","references":[{"type":"ADVISORY","url":"https://forums.unrealircd.org/viewtopic.php?f=1&t=8588"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2016/09/04/3"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2016/09/05/8"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/92763"},{"type":"FIX","url":"https://github.com/unrealircd/unrealircd/commit/f473e355e1dc422c4f019dbf86bc50ba1a34a766"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/unrealircd/unrealircd","events":[{"introduced":"0"},{"fixed":"f473e355e1dc422c4f019dbf86bc50ba1a34a766"}]},{"type":"GIT","repo":"https://github.com/unrealircd/unrealircd","events":[{"introduced":"0"},{"fixed":"f473e355e1dc422c4f019dbf86bc50ba1a34a766"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-7144.json","vanir_signatures":[{"digest":{"function_hash":"299195161566907468620660341084166613642","length":1233},"signature_version":"v1","id":"CVE-2016-7144-3f7c762b","deprecated":false,"target":{"function":"CMD_FUNC","file":"src/modules/m_sasl.c"},"source":"https://github.com/unrealircd/unrealircd/commit/f473e355e1dc422c4f019dbf86bc50ba1a34a766","signature_type":"Function"},{"digest":{"threshold":0.9,"line_hashes":["115886860260935195870084536778047430273","25227128243890836524439657246379374207","28890922473748758884586902563936070876"]},"signature_version":"v1","id":"CVE-2016-7144-b532575d","deprecated":false,"target":{"file":"src/modules/m_sasl.c"},"source":"https://github.com/unrealircd/unrealircd/commit/f473e355e1dc422c4f019dbf86bc50ba1a34a766","signature_type":"Line"}],"vanir_signatures_modified":"2026-04-11T05:00:57Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"3.2.10.5"}]},{"events":[{"introduced":"0"},{"last_affected":"4.0.0"}]},{"events":[{"introduced":"0"},{"last_affected":"4.0.1"}]},{"events":[{"introduced":"0"},{"last_affected":"4.0.2"}]},{"events":[{"introduced":"0"},{"last_affected":"4.0.3"}]},{"events":[{"introduced":"0"},{"last_affected":"4.0.3.1"}]},{"events":[{"introduced":"0"},{"last_affected":"4.0.4"}]},{"events":[{"introduced":"0"},{"last_affected":"4.0.5"}]},{"events":[{"introduced":"0"},{"fixed":"3.2.10.7"}]},{"events":[{"introduced":"4.x"},{"fixed":"4.0.6"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}