The m_authenticate function in modules/m_sasl.c in Charybdis before 3.5.3 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-285,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| charybdis_project | charybdis | * |
| debian | debian_linux | 8.0 |