UnrealIRCd IP Cloaking Weakness Information Disclosure
Medium Nessus Plugin ID 12297
SynopsisThe remote host appears to be running an IRC server.
DescriptionThe remote host is running UnrealIRCd, a popular IRC server.
The remote version of this server offers an 'IP cloaking' capability that offers to hide the IP address of the users connected to the server in order to preserve their anonymity.
There is a design error in the algorithm used by the server that could allow an attacker to guess the real IP address of another user of the server by reducing the number of tries to 2,000.
SolutionUpgrade to UnrealIRCd 3.2.1