The myuser_delete function in libathemecore/account.c in...
Moderate severity
Unreviewed
Published
May 17, 2022
to the GitHub Advisory Database
•
Updated Jan 28, 2023
Description
Published by the National Vulnerability Database
Oct 1, 2012
Published to the GitHub Advisory Database
May 17, 2022
Last updated
Jan 28, 2023
The myuser_delete function in libathemecore/account.c in Atheme 5.x before 5.2.7, 6.x before 6.0.10, and 7.x before 7.0.0-beta2 does not properly clean up CertFP entries when a user is deleted, which allows remote attackers to access a different user account or cause a denial of service (daemon crash) via a login as a deleted user.
References