CVE-2022-24976
CRITICAL
atheme 7.2.0-7.2.11 - Authentication Bypass via IRC Handshake Challenge-Response Sequence
Title source: llm
Description
Atheme IRC Services before 7.2.12, when used in conjunction with InspIRCd, allows authentication bypass by ending an IRC handshake at a certain point during a challenge-response login sequence.
References (3)
Core References
Exploit, Mailing List, Third Party Advisory x_refsource_misc
https://www.openwall.com/lists/oss-security/2022/01/30/4
Patch, Third Party Advisory x_refsource_misc
https://github.com/atheme/atheme/commit/4e664c75d0b280a052eb8b5e81aa41944e593c52
Patch, Third Party Advisory x_refsource_misc
https://github.com/atheme/atheme/compare/v7.2.11...v7.2.12
Scores
CVSS v3
9.1
EPSS
0.0179
EPSS Percentile
75.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-287
Status
published
Products (1)
atheme/atheme
7.2.0 - 7.2.12
Published
Feb 14, 2022
Tracked Since
Feb 18, 2026