Jump to content

namreeb

Verified members
  • Content Count

    4
  • Joined

  • Last visited

Community Reputation

1 Neutral

Recent Profile Visitors

121 profile views
  1. Yes, that was the only check needed to fix the issue. The server needed something equivalent to: if (A % N == 0) { disconnect(); }
  2. Now that this issue has been fixed, I wanted to disclose a security problem that affected the Heroes of Newerth login servers. For background, the Heroes of Newerth login protocol uses the common authentication protocol known as SRP6 (for more info, see: http://srp.stanford.edu/index.html). However, there was a fatal omission in the login server code which essentially allowed any password to be accepted. I was able to use this to login to staff and GM accounts at will. The flaw is a mathematical one. From the SRP6 spec: If the host fails to check that A mod N != 0, and an atta
  3. If you queue Rampage's ult while charging, you can only do it right as the charge starts. The rest of the charge, the ability is disabled. I suppose this may be intended but I feel like I should be able to queue the ult?
  4. Another ministun is Glacius' w
×
×
  • Create New...