diff options
| author | Shauren <shauren.trinity@gmail.com> | 2017-03-15 21:41:58 +0100 |
|---|---|---|
| committer | Shauren <shauren.trinity@gmail.com> | 2017-03-15 21:41:58 +0100 |
| commit | 14abd1f5875d8c8e98ac9c76789d8b439008eba2 (patch) | |
| tree | 2a0137ba4947e0bd85a26871d910783af76a81cd /src | |
| parent | 9f2f7ebf51a587199ee7328761c5842c3f491e3b (diff) | |
Core/Auth: Per SRP6a protocol, terminate connection of A % N == 0. This resolves another authentication bypass issue
(cherry picked from commit cmangos/mangos-wotlk@ea3e08a8123fbce0082b8aae8eb9b2541f083a9c)
Diffstat (limited to 'src')
| -rw-r--r-- | src/server/authserver/Server/AuthSession.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/server/authserver/Server/AuthSession.cpp b/src/server/authserver/Server/AuthSession.cpp index e77a6dd4090..dfd77c39cb5 100644 --- a/src/server/authserver/Server/AuthSession.cpp +++ b/src/server/authserver/Server/AuthSession.cpp @@ -477,7 +477,7 @@ bool AuthSession::HandleLogonProof() A.SetBinary(logonProof->A, 32); // SRP safeguard: abort if A == 0 - if (A.IsZero()) + if ((A % N).IsZero()) return false; SHA1Hash sha; |