Opened 13 years ago

Closed 13 years ago

Last modified 6 years ago

#150 closed defect (fixed)

Flawed input verification in SRP

Reported by: rainer Owned by: rainer
Priority: critical Milestone: 2.5.4
Component: main Version:
Keywords: Cc:


Thomas Ptacek discovered that the input verification in the SRP implementation is flawed. A malicious client may zero out the computation and connect without valid password.

Change History (1)

comment:1 Changed 13 years ago by rainer

Resolution: fixed
Status: newclosed

Fixed in changeset [225].

Note: See TracTickets for help on using tickets.