BUG Make PasswordEncryptor::check more resistent to timing attacks

Maxime Rainville 2020-09-10 22:17:50 +12:00
parent 089098ffdb
commit 8bcfa57342
1 changed files with 1 additions and 1 deletions


@ -100,6 +100,6 @@ abstract class PasswordEncryptor
*/
public function check($hash, $password, $salt = null, $member = null)
{
return $hash === $this->encrypt($password, $salt, $member);
return hash_equals($hash, $this->encrypt($password, $salt, $member));
}
}
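Review bot: `hash_equals()` on the new return line of `check()` accepts only strings, whereas the `===` it replaces quietly returned false for any other type. If `$hash` can reach this method as null (for example an account with no stored password, which this hunk does not show), PHP 8 throws a TypeError and PHP 7 emits a warning instead of a clean failed check. A fail-closed guard keeps the constant-time comparison on the normal path: `return is_string($hash) && hash_equals($hash, $this->encrypt($password, $salt, $member));`. The parameters are untyped, so the docblock (which begins outside the hunk) should state that `$hash` is the stored hash string and that a non-string value is treated as a mismatch.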