Opened 10 years ago

Closed 10 years ago

Last modified 3 years ago

#150 closed defect (fixed)

Flawed input verification in SRP

Reported by: rainer Owned by: rainer
Priority: critical Milestone: 2.5.4
Component: main Version:
Keywords: Cc:


Thomas Ptacek discovered that the input verification in the SRP implementation is flawed. A malicious client may zero out the computation and connect without valid password.

Change History (1)

comment:1 Changed 10 years ago by rainer

  • Resolution set to fixed
  • Status changed from new to closed

Fixed in changeset [225].

Note: See TracTickets for help on using tickets.