Chapter 8. Security Considerations

Security issues are also discussed in the authentication section.

The IRCX and ISIRCX commands return the set of authentication mechanisms supported by the server. This exchange is open to a man-in-the-middle attack in which an attacker modifies the returned list of authentication methods so that it offers only a clear-text password transaction. To avoid this type of attack, only authentication methods with a challenge-response mechanism should be used.
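One way a client can enforce this rule, shown as an added example that is not part of the IRCX specification: the offered list is treated as an untrusted hint, selection follows the client's own allowlist, and the client fails closed when only clear-text remains. The mechanism names, the comma-separated list format, and all function names are assumptions made for illustration.

```python
# Added example: client-side selection of an authentication package.
# Assumption: the mechanism names below are constructed for illustration.
ALLOWED = ("NTLM", "DIGEST-MD5")  # challenge-response only, client preference order


class DowngradeRefused(Exception):
    """The offered list contains nothing the client policy permits."""


def parse_packages(field):
    """Split a comma-separated package list; normalise case and whitespace."""
    return {p.strip().upper() for p in field.split(",") if p.strip()}


def select_mechanism(offered_field, allowed=ALLOWED):
    """Pick the first allowed mechanism, or fail closed.

    The list arrives over an unprotected channel, so it is treated as a hint:
    it can narrow the client's choice but never widen it to clear text.
    """
    offered = parse_packages(offered_field)
    for mech in allowed:  # client's order, not the order seen on the wire
        if mech in offered:
            return mech
    raise DowngradeRefused("no challenge-response mechanism offered: %s"
                           % sorted(offered))


def stripped_mechanisms(offered_field, seen_before, allowed=ALLOWED):
    """Allowed mechanisms this server offered earlier that are now missing.

    A non-empty result is a signal worth logging: the list may have been
    edited in transit.
    """
    offered = parse_packages(offered_field)
    return sorted(m for m in allowed if m in seen_before and m not in offered)


if __name__ == "__main__":
    # Constructed sample lists, not captured traffic.
    print(select_mechanism("PLAIN, ntlm"))
    print(stripped_mechanisms("PLAIN", {"NTLM"}))
    try:
        select_mechanism("PLAIN")
    except DowngradeRefused as exc:
        print("refused:", exc)
```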

Since all administration commands for RFC1459 and IRCX are sent in clear text, a stream-layer encryption mechanism such as SSL[5] or IPSEC is required to protect the integrity and confidentiality of the transactions. The mechanisms for establishing these connections are outside the scope of this document.