Chaosvex

void ClientConnection::stop() {
	LOG_DEBUG_FILTER(logger_, LF_NETWORK)
		<< "Closing connection to " << remote_address() << LOG_ASYNC;

	handler_.stop();
	boost::system::error_code ec; // we don't care about any errors
	socket_.shutdown(boost::asio::ip::tcp::socket::shutdown_both, ec);
	socket_.close(ec);
	stopped_ = true;
}

Chaosvex

#pragma once

#define WIN32_LEAN_AND_MEAN
#include <Windows.h>
#include <cstdint>

namespace EngineTypes {

const std::uint32_t UNHI = 0x756E6869;
const std::uint32_t WPHI = 0x77706869;

Chaosvex

Brief:

Vulnerability in authentication state machines allows for an attacker to bypass account security, allowing for server authentication without providing a password.

Affected emulators:

All versions of: Ascent, TrinityCore 3.x, MaNGOS, CMaNGOS, and all known forks.

Background:

World of Warcraft uses the SRP6 cryptographic algorithm to authenticate with servers without requiring the user's password to be sent over the Internet (in plaintext or as a hash).

Although the specific details of SRP6 are outside of the scope of this write-up, the integrity of this process requires that the server holds 'secret' values that the client cannot guess. Only by deriving its own SRP6 values from the user's password can it prove itself to the server.