High severity8.1NVD Advisory· Published Sep 21, 2016· Updated Jun 17, 2026
CVE-2016-7143
CVE-2016-7143
Description
The m_authenticate function in modules/m_sasl.c in Charybdis before 3.5.3 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- osv-coords2 versionspkg:rpm/opensuse/charybdis&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/solanum&distro=openSUSE%20Tumbleweed
< 3.5.3-2.1+ 1 more
- (no CPE)range: < 3.5.3-2.1
- (no CPE)range: < 0~ch448-1.4
Patches
Vulnerability mechanics
References
6- github.com/charybdis-ircd/charybdis/commit/818a3fda944b26d4814132cee14cfda4ea4aa824nvdIssue TrackingPatch
- www.debian.org/security/2016/dsa-3661nvdThird Party Advisory
- www.openwall.com/lists/oss-security/2016/09/04/3nvdMailing ListThird Party Advisory
- www.openwall.com/lists/oss-security/2016/09/05/8nvdMailing ListThird Party Advisory
- github.com/charybdis-ircd/charybdis/blob/charybdis-3.5.3/NEWS.mdnvdRelease NotesThird Party Advisory
- www.securityfocus.com/bid/92761nvd
News mentions
0No linked articles in our index yet.