lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Sun, 09 Nov 2003 15:42:39 -0500
From: "'ken'@FTU" <ken@...security.com>
To: bugtraq@...urityfocus.com
Subject: Gaim IRC Local Account Information Leakage


When logging into IRC via gaim, gaim registers the user with their valid
local account id as well as the nick chosen by the end user. This is
revealed when an attacker asks for information regarding the victim.

Given that the host name (DNS/IP) is also registered, an attacker now
knows both the location of the host and a valid account name.

The offending function call is g_get_user_name() within the function
irc_login_cb in irc.c. This pulls the local account name.

I suggest giving the user a chance to replace it with a name of their
own choosing, as well as having a default fake name for those users who
are technically challenged. :)

I reported it to one of the main developers via IM but was told that it
is just part of the IRC protocol and could not be changed. 

This effects version 0.72 which is the latest. I assume it effects early
versions too, but I did not check due to time constrains.

Workaround:

Offending code in irc.c:

        buf = irc_format(irc, "vvvv:", "USER", 
		strlen(username) ? username : 
---------->	g_get_user_name(), 
		hostname, irc->server,
                gc->account->alias && *gc->account->alias ?
		gc->account->alias : IRC_DEFAULT_ALIAS);


Replace with:

        buf = irc_format(irc, "vvvv:", "USER", 
		strlen(username) ? username : 
---------->	"Your new 9 char spoofed IRC name here" , 
		hostname, irc->server,
                gc->account->alias && *gc->account->alias ?
		gc->account->alias : IRC_DEFAULT_ALIAS);


Cheers,
'ken'@FTU

-- 
'ken'@FTU <ken@...security.com>



Powered by blists - more mailing lists