From 3f048ca5fa1382a079e859e24897aebfffd2627f Mon Sep 17 00:00:00 2001
From: Shauren
Date: Wed, 15 Mar 2017 21:41:58 +0100
Subject: [PATCH] Core/Auth: Per SRP6a protocol, terminate connection of A % N == 0. This resolves another authentication bypass issue (cherry picked from commit cmangos/mangos-wotlk@ea3e08a8123fbce0082b8aae8eb9b2541f083a9c)
---
 src/server/authserver/Server/AuthSession.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/server/authserver/Server/AuthSession.cpp b/src/server/authserver/Server/AuthSession.cpp
index 37bbade765d..3fb34ac478f 100644
--- a/src/server/authserver/Server/AuthSession.cpp
+++ b/src/server/authserver/Server/AuthSession.cpp
@@ -479,7 +479,7 @@ bool AuthSession::HandleLogonProof()
 A.SetBinary(logonProof->A, 32);
 // SRP safeguard: abort if A == 0
- if (A.IsZero())
+ if ((A % N).IsZero())
 return false;
 SHA1Hash sha;
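Review bot: The comment directly above the changed condition still says `// SRP safeguard: abort if A == 0`, but the check is now `(A % N).IsZero()`; it should read something like `// SRP-6a safeguard: abort if A % N == 0 (any multiple of N, not only zero, makes the shared secret independent of the password)`. The rejection is also a bare `return false`, so a rejected attempt leaves no trace. A conforming client never sends such an A, so logging the event here with whatever account and peer-address fields the session holds would give defenders a signal to alert on. `N` and the rest of HandleLogonProof lie outside the hunk, so this assumes `N` is the same modulus used for the later session-key computation.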