Ticket #150 (closed defect: fixed)

Opened 7 years ago

Last modified 5 months ago

Flawed input verification in SRP

Reported by: rainer Owned by: rainer
Priority: critical Milestone: 2.5.4
Component: main Version:
Keywords: Cc:

Description

Thomas Ptacek discovered that the input verification in the SRP implementation is flawed. A malicious client may zero out the computation and connect without valid password.

Change History

comment:1 Changed 7 years ago by rainer

  • Status changed from new to closed
  • Resolution set to fixed

Fixed in changeset [225].

Note: See TracTickets for help on using tickets.