Owner or admin access can be easily gained

totallymike / ircnode

Extensible IRC bot written with node.js

https://github.com/totallymike/ircnode/wiki

MIT License

4 stars 2 forks source link

Owner or admin access can be easily gained #17

Closed sigv closed 12 years ago

sigv commented 12 years ago

If someone knows the nick of the owner, then that person can easily /nick Foobar to change his/her nick to the owner's nick. Then the person has full access to the bot for 60 seconds (until automatic kick by server) and can promote their own account in that time period.

sigv commented 12 years ago

Currently, a proposed fix has been pushed to rights_checks branch. As these are pretty extensive changes, they are on hold until approval or any other comments from the project leader.