Greetings tech-gurus,
I think my network has stumbled into a unique bug.
If you have a channel setup, and you have voices setup, default level 3 (+v), they can obtain ops WITHOUT being an op.
This is how:
1) The join the channel. (they do NOT identify)
2) They then IDENTIFY, at which time chanserv +v voices them.
3) They then type /cs op, and viola! it OPS them. They are NOT on the op access llist, but they ARE on a voice.
I have XOP disabled. This seems to work on ANY channel where you have a voice +v on the access list.
I've upgraded to anope 1.6.5 (from 1.6.4) thinking a code fix might have been applied. no suck luck.
Is there a patch to fix this? Its obviously a security breach of sorts. I've enabled SECUREOPS on all channels to stop it for now, but in some cases, they can STILL get ops even with that on which is very perplexing to me.
Please advise.
Kindly,
Stoney
Starfleet Network