#150 closed defect (fixed)
Flawed input verification in SRP
| Reported by: | rainer | Owned by: | rainer |
|---|---|---|---|
| Priority: | critical | Milestone: | 2.5.4 |
| Component: | main | Version: | |
| Keywords: | Cc: |
Description
Thomas Ptacek discovered that the input verification in the SRP implementation is flawed. A malicious client may zero out the computation and connect without valid password.
Note:
See TracTickets
for help on using tickets.
Fixed in changeset [225].