Now that this issue has been fixed, I wanted to disclose a security problem that affected the Heroes of Newerth login servers. For background, the Heroes of Newerth login protocol uses the common authentication protocol known as SRP6 (for more info, see: http://srp.stanford.edu/index.html). However, there was a fatal omission in the login server code which essentially allowed any password to be accepted. I was able to use this to log in to staff and GM accounts at will.
The flaw is a mathematical one. From the SRP6 spec:
If the host fails to check that A mod N != 0, and an atta
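To make the spec's point concrete, here is an added toy SRP-6a exchange in Python (not the game's or the login server's code) with constructed parameters (N = 1019, g = 2, a fixed salt and fixed ephemeral values); it shows that when the server skips the `A mod N != 0` check its session key collapses to 0 regardless of the stored verifier, and the single check that rejects such a client value.

```python
import hashlib

# Toy SRP-6a group, constructed for this example only (safe prime N = 2*509 + 1).
# A real login server uses a large group such as those in RFC 5054.
N = 1019
g = 2

def H(*parts):
    """SRP-style hash of the given values, reduced to an integer."""
    data = b"|".join(str(p).encode() for p in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

k = H(N, g) % N  # the SRP-6a multiplier

def verifier_for(username, password, salt):
    """v = g^x mod N, the only password-derived value the server stores."""
    x = H(salt, username, password)
    return pow(g, x, N)

def server_session(v, A, b, check_A=True):
    """Server side of SRP-6a, returns (B, S). check_A=False reproduces the
    omission described above: the client's public value A is never validated."""
    if check_A and A % N == 0:
        raise ValueError("rejecting client public value: A mod N == 0")
    B = (k * v + pow(g, b, N)) % N
    u = H(A, B)
    S = pow(A * pow(v, u, N), b, N)  # S = (A * v^u)^b mod N
    return B, S

def client_session(username, password, salt, a, B):
    """Honest client side of SRP-6a, returns (A, S)."""
    A = pow(g, a, N)
    x = H(salt, username, password)
    u = H(A, B)
    S = pow((B - k * pow(g, x, N)) % N, a + u * x, N)  # (B - k*g^x)^(a + u*x)
    return A, S

def honest_run(password="correct horse", salt=12345, a=17, b=29):
    """Both sides derive the same S because the client knows the password."""
    v = verifier_for("alice", password, salt)
    B, S_server = server_session(v, pow(g, a, N), b)
    _, S_client = client_session("alice", password, salt, a, B)
    return S_server, S_client

def unchecked_run(A, b=29):
    """Unpatched server: for A = 0 (mod N), S is 0 for every verifier, so the
    session key no longer depends on the password at all."""
    return [server_session(verifier_for("alice", pw, 12345), A, b, check_A=False)[1]
            for pw in ("correct horse", "totally wrong")]

def rejects_zero_A(A):
    """Patched server: the check fires before any key material is derived."""
    try:
        server_session(verifier_for("alice", "correct horse", 12345), A, 29)
        return False
    except ValueError:
        return True
```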