Impact
This weekend the development team found and addressed a bug that allowed any unprivileged user to access the steward commands on the IRC interface by impersonating the Nickname used by a privileged user as no check was made to see if they were logged in.
Patches
The issue has been since resolved with the help of @RhinosF1. Now the user's hostmask is checked to verify the user is logged into the correct account with all steward actions taken using the bot's IRC interface.
References
You can find the full change at 2eac90d...1a62da1
For more information
If you have any questions or comments about this advisory:
Impact
This weekend the development team found and addressed a bug that allowed any unprivileged user to access the steward commands on the IRC interface by impersonating the Nickname used by a privileged user as no check was made to see if they were logged in.
Patches
The issue has been since resolved with the help of @RhinosF1. Now the user's hostmask is checked to verify the user is logged into the correct account with all steward actions taken using the bot's IRC interface.
References
You can find the full change at 2eac90d...1a62da1
For more information
If you have any questions or comments about this advisory: