You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Suspended a nick. a person was able to reset the password. Was able to change the password, confirm, and forcefully identify Nick who was suspended.
Steps to reproduce the issue:
set up a test account
suspended the test account
Change the password for the test account.
Describe the results you received:
The password was able to change and forcefully identify to account. The user was able to drop the nick (while still showing suspended) and able to re-register the account, thus removing the suspension completely.
Describe the results you expected:
The user shouldn't be able to receive an email to change the password while the account is suspended.
Additional information you deem important (e.g. issue happens only occasionally):
I tried this on two networks that have anope set up. It occurred on both networks.
Output of services --version:
Notice- {from ChanServ} VERSION Anope-2.0.12 services.technet.chat :UnrealIRCd 4+ - (enc_sha256) -- build #8, compiled 01:33:11 Jul 29 2023
and
Notice- {from ChanServ} VERSION Anope-2.0.9 services.freenode.net :InspIRCd 3 - (enc_sha256) -- build #19, compiled 01:56:18 Apr 20 2022, flags D
Notice- {from ChanServ} VERSION Anope-2.0.10 services.irc-nerds.net :UnrealIRCd 4+ - (enc_sha256) -- build #14, compiled 07:41:07 Oct 28 2021
The text was updated successfully, but these errors were encountered:
The person is changing their password, and when confirming the new password it force identifies them.
@NickServ> COMMAND: Guest14893!~Lebanese@ip used CONFIRM to confirm RESETPASS and forcefully identify as test11
[10:35:41] <@NickServ> COMMAND: Betelgeuse!~Betelgeus@*** used CONFIRM to confirm RESETPASS and forcefully identify as j
[10:35:46] <@NickServ> COMMAND: Betelgeuse!~Betelgeus@**** (j) used SET PASSWORD to change their password
The Nick J is still suspended but the user was able to identify it after it was suspended. We don't have os_forceid on freenode but it is on the other two networks. It was not being used at the time of this testing.
Description
Suspended a nick. a person was able to reset the password. Was able to change the password, confirm, and forcefully identify Nick who was suspended.
Steps to reproduce the issue:
Describe the results you received:
The password was able to change and forcefully identify to account. The user was able to drop the nick (while still showing suspended) and able to re-register the account, thus removing the suspension completely.
Describe the results you expected:
The user shouldn't be able to receive an email to change the password while the account is suspended.
Additional information you deem important (e.g. issue happens only occasionally):
I tried this on two networks that have anope set up. It occurred on both networks.
Output of
services --version
:Notice- {from ChanServ} VERSION Anope-2.0.12 services.technet.chat :UnrealIRCd 4+ - (enc_sha256) -- build #8, compiled 01:33:11 Jul 29 2023
and
Notice- {from ChanServ} VERSION Anope-2.0.9 services.freenode.net :InspIRCd 3 - (enc_sha256) -- build #19, compiled 01:56:18 Apr 20 2022, flags D
Notice- {from ChanServ} VERSION Anope-2.0.10 services.irc-nerds.net :UnrealIRCd 4+ - (enc_sha256) -- build #14, compiled 07:41:07 Oct 28 2021
The text was updated successfully, but these errors were encountered: