Mirror/TrinityCore
1
0
Fork 0
mirror of https://github.com/TrinityCore/TrinityCore.git synced 2026-01-19 00:48:56 +01:00
Code Issues Packages Projects Releases Wiki Activity

Core/Auth: Per SRP6a protocol, terminate connection of A % N == 0. This resolves another authentication bypass issue

Browse Source 
(cherry picked from commit cmangos/mangos-wotlk@ea3e08a812)
This commit is contained in:
Shauren
2017-03-15 21:41:58 +01:00
committed by Aokromes
parent 045307cd6e
commit 3f048ca5fa
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/server/authserver/Server/AuthSession.cpp
View File

@@ -479,7 +479,7 @@ bool AuthSession::HandleLogonProof()
A.SetBinary(logonProof->A, 32);
// SRP safeguard: abort if A == 0
if (A.IsZero())
if ((A % N).IsZero())
return false;
SHA1Hash sha;