[23954] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

psyBNC2.3 Beta - encrypted text spoofable in others irc terminal

daemon@ATHENA.MIT.EDU (psychoid@rewtbox.de)
Tue Jan 22 20:04:20 2002

Date: 22 Jan 2002 23:12:22 -0000
Message-ID: <20020122231222.23368.qmail@rewtbox.de>
From: psychoid@rewtbox.de
To: bugtraq@securityfocus.com

Subject: psyBNC2.3 Beta - encrypted text "spoofable" in others irc terminal

Hello,

thanks for reporting that problem.

I will solve this by appending a key checksum to the end of
each line. Example:

[B]text text text <1255>

The key checksum is part of the encrypted text. If it 
doesnt match for the user, he can be sure the text
is spoofed. Filtering special characters is no good
solution for that problem. It would need a 
full parse of every line entered, this would consume
too many resources.

The fix will be released soon.

Greetings,
psychoid


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[23954] in bugtraq

psyBNC2.3 Beta - encrypted text spoofable in others irc terminal

daemon@ATHENA.MIT.EDU (psychoid@rewtbox.de)Tue Jan 22 20:04:20 2002

daemon@ATHENA.MIT.EDU (psychoid@rewtbox.de)
Tue Jan 22 20:04:20 2002