fang139842/azerothcore-wotlk2
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Core/Auth: Per SRP6a protocol, terminate connection of A % N == 0. This resolves another authentication bypass issue

Browse Source
This commit is contained in:
starrheld 2017-03-19 19:18:43 +01:00 committed by Yehonal
parent ffd81423f8
commit 65aa7f4578
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/authserver/Server/AuthSocket.cpp
View File

@ -557,7 +557,7 @@ bool AuthSocket::_HandleLogonProof()
A.SetBinary(lp.A, 32);
// SRP safeguard: abort if A == 0
if (A.isZero())
if ((A % N).isZero())
{
socket().shutdown();
return true;