Until recently it was possible to login to any account without knowing the password!


Recommended Posts

Now that this issue has been fixed, I wanted to disclose a security problem that affected the Heroes of Newerth login servers.  For background, the Heroes of Newerth login protocol uses the common authentication protocol known as SRP6 (for more info, see: http://srp.stanford.edu/index.html).  However, there was a fatal omission in the login server code which essentially allowed any password to be accepted.  I was able to use this to login to staff and GM accounts at will.

The flaw is a mathematical one.  From the SRP6 spec:

The two parties also employ the following safeguards:

The user will abort if he receives B == 0 (mod N) or u == 0.

The host will abort if it detects that A == 0 (mod N).

The user must show his proof of K first. If the server detects that the user's proof is incorrect, it must abort without showing its own proof of K.

If the host fails to check that A mod N != 0, and an attacker provides a value of A for which A mod N == 0 (e.g. A == N), this will cause the arithmetic to work out to zero, negating the contribution of the secret fields (i.e. password in this case).

The issue was not easy to exploit, and required binary modification to the client.  To my knowledge, nobody but the development team and myself knew the specifics, and no accounts were compromised (except by me during testing).  Your data is safe, and now safer!


Was the omission just that there wasn't any check at all for A % N != 0? Or was there some special value required (like just preventing the trivial A != 0 and A != N (without mod))?

Also: Thank you for the responsible disclosure 😇

Edited by Manu311
On 2/10/2022 at 1:36 AM, Manu311 said:

Was the omission just that there wasn't any check at all for A % N != 0? Or was there some special value required (like just preventing the trivial A != 0 and A != N (without mod))?

Yes, that was the only check needed to fix the issue.  The server needed something equivalent to:

if (A % N == 0) { disconnect(); }

Edited by namreeb
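As an added example that is not part of this thread or of the Heroes of Newerth login code, here is a minimal SRP-6a exchange in Python showing the host-side computation, the A mod N check the fix requires, and that without that check A == N yields S == 0 for every password. The toy group (N, g), the hash-to-integer helper and the fixed a/b values are assumptions made for the demo.

```python
# Added demo, not code from the forum post or from the Heroes of Newerth
# login server: why an SRP-6a host must reject A == 0 (mod N).
import hashlib

N = 2**127 - 1   # TOY prime for illustration only (assumption), not a safe prime
g = 2            # toy generator; real deployments use the RFC 5054 groups

def H(*parts: int) -> int:
    # Hash a sequence of integers to an integer (SHA-256 over big-endian bytes).
    data = b"".join(p.to_bytes((p.bit_length() + 7) // 8 or 1, "big") for p in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

k = H(N, g)  # SRP-6a multiplier

def private_x(salt: int, password: str) -> int:
    pw = int.from_bytes(hashlib.sha256(password.encode()).digest(), "big")
    return H(salt, pw)

def verifier(salt: int, password: str) -> int:
    return pow(g, private_x(salt, password), N)   # v = g^x mod N, stored by the host

def server_public(b: int, v: int) -> int:
    return (k * v + pow(g, b, N)) % N              # B = k*v + g^b mod N

def server_session(A: int, B: int, b: int, v: int, check_A: bool) -> int:
    """Host-side secret S = (A * v^u)^b mod N.
    check_A=False is the buggy behaviour described in the post: any A with
    A mod N == 0 (e.g. A == N) makes S == 0 whatever v (the password) is."""
    if check_A and A % N == 0:
        raise ValueError("abort: A mod N == 0")   # the missing check
    u = H(A, B)
    return pow(A * pow(v, u, N), b, N)

def client_session(a: int, B: int, salt: int, password: str) -> int:
    """Honest client-side secret S = (B - k*g^x)^(a + u*x) mod N."""
    if B % N == 0:
        raise ValueError("abort: B mod N == 0")   # client-side safeguard
    A = pow(g, a, N)
    u = H(A, B)
    x = private_x(salt, password)
    return pow((B - k * pow(g, x, N)) % N, a + u * x, N)

def host_rejects_zero_A(B: int, b: int, v: int) -> bool:
    """True if the fixed host aborts on A == N instead of deriving a key."""
    try:
        server_session(N, B, b, v, check_A=True)
        return False
    except ValueError:
        return True
```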