Skip to content

suspended nick  #351

Closed
Closed
@LadyFoxy

Description

@LadyFoxy

Description

Suspended a nick. a person was able to reset the password. Was able to change the password, confirm, and forcefully identify Nick who was suspended.

Steps to reproduce the issue:

  1. set up a test account
  2. suspended the test account
  3. Change the password for the test account.

Describe the results you received:

The password was able to change and forcefully identify to account. The user was able to drop the nick (while still showing suspended) and able to re-register the account, thus removing the suspension completely.

Describe the results you expected:
The user shouldn't be able to receive an email to change the password while the account is suspended.

Additional information you deem important (e.g. issue happens only occasionally):
I tried this on two networks that have anope set up. It occurred on both networks.

Output of services --version:
Notice- {from ChanServ} VERSION Anope-2.0.12 services.technet.chat :UnrealIRCd 4+ - (enc_sha256) -- build #8, compiled 01:33:11 Jul 29 2023
and
Notice- {from ChanServ} VERSION Anope-2.0.9 services.freenode.net :InspIRCd 3 - (enc_sha256) -- build #19, compiled 01:56:18 Apr 20 2022, flags D
Notice- {from ChanServ} VERSION Anope-2.0.10 services.irc-nerds.net :UnrealIRCd 4+ - (enc_sha256) -- build #14, compiled 07:41:07 Oct 28 2021

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions