BNC IRC Server Incorrect Password Authentication Bypass

high Nessus Plugin ID 15703

Synopsis

The remote IRC proxy is susceptible to an authentication bypass issue.

Description

The remote host is running a version of the BNC IRC proxy that contains a flaw in its authentication process, which causes it to accept only logins with incorrect passwords. An attacker may use this issue to gain access to the remote IRC proxy server.

Solution

Upgrade to BNC version 2.9.1 or later.

See Also

http://www.nessus.org/u?7e9d3c1f

Plugin Details

Severity: High

ID: 15703

File Name: bnc_auth_bypass.nasl

Version: 1.16

Type: remote

Family: Misc.

Published: 11/13/2004

Updated: 6/27/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Excluded KB Items: global_settings/supplied_logins_only

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 11/26/2004

Reference Information

CVE: CVE-2004-2612

BID: 11650