Using mechanism SCRAM, a client does not abort authentication when the given iteration counter is lower than 4096.
A hostile server can send a small iteration counter (e.g. 1) and forces the client to send a ClientProof that is calculated with lowest computation time. Thus the hostile server can recover the client's password faster with an offline dictionary or brute-force attack.
This fix compares the iteration counter with the recommended minimum of 4096 and aborts the authentication if the server violates the recommended minimum.
Using mechanism SCRAM, a client does not abort authentication when the given iteration counter is lower than 4096.
A hostile server can send a small iteration counter (e.g. 1) and forces the client to send a ClientProof that is calculated with lowest computation time. Thus the hostile server can recover the client's password faster with an offline dictionary or brute-force attack.
This fix compares the iteration counter with the recommended minimum of 4096 and aborts the authentication if the server violates the recommended minimum.