PatchSiren

PatchSiren cyber security CVE debrief

CVE-2016-7144 Unrealircd CVE debrief

CVE-2016-7144 is a high-severity authentication bypass in UnrealIRCd. A remote attacker could spoof certificate fingerprints and log in as another user by sending a crafted AUTHENTICATE parameter to the m_authenticate function in modules/m_sasl.c. The issue was publicly discussed in September 2016 advisory threads and later published in the CVE/NVD record on 2017-01-18.

Vendor
Unrealircd
Product
CVE-2016-7144
CVSS
HIGH 8.1
CISA KEV
Not listed in stored evidence
Original CVE published
2017-01-18
Original CVE updated
2026-05-13
Advisory published
2017-01-18
Advisory updated
2026-05-13

Who should care

UnrealIRCd administrators, IRC network operators, and teams responsible for SASL or certificate-based authentication on IRC infrastructure should prioritize this issue. Any environment relying on UnrealIRCd for user identity assurance or access control should verify exposure and patch status.

Technical summary

The flaw is an authentication weakness (CWE-287) in UnrealIRCd’s SASL handling path. According to the CVE record, m_authenticate in modules/m_sasl.c allowed a remote attacker to spoof certificate fingerprints, which could let the attacker authenticate as another user through a crafted AUTHENTICATE parameter. NVD lists affected releases including UnrealIRCd 3.2.10.5 and 4.0.0 through 4.0.5, while the CVE description states versions before 3.2.10.7 and 4.x before 4.0.6. That version-range mismatch should be verified against the vendor advisory and patch references before remediation planning.

Defensive priority

High. This is a network-reachable authentication bypass with potential account takeover, so it should be treated as a priority remediation item for any exposed UnrealIRCd instance.

Recommended defensive actions

  • Confirm whether any UnrealIRCd instances are deployed and whether they are exposed to untrusted networks.
  • Compare installed versions against both the CVE description and NVD CPE ranges, and verify the vendor advisory for the exact fixed release.
  • Upgrade UnrealIRCd to a patched release referenced by the vendor advisory and commit patch link.
  • Review authentication logs for unexpected certificate-fingerprint-based logins or account misuse around the disclosure window and since then.
  • If immediate upgrading is not possible, restrict IRC access to trusted networks and minimize reliance on certificate fingerprint authentication until patched.

Evidence notes

The CVE description states that m_authenticate in modules/m_sasl.c allowed remote attackers to spoof certificate fingerprints and log in as another user via a crafted AUTHENTICATE parameter. NVD classifies the weakness as CWE-287 and assigns CVSS 3.0 vector CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. The reference set includes Openwall oss-security posts dated 2016-09-04 and 2016-09-05, a vendor advisory, and a GitHub patch commit.

Official resources

Public disclosure references point to September 2016 Openwall oss-security posts and a vendor advisory; the CVE record and NVD entry were published on 2017-01-18.