diff options
| author |  jesopo | 2019-02-12 11:59:38 +0000 |
|---|---|---|
| committer | jesopo | 2019-02-12 11:59:47 +0000 |
| commit | ce23442f4b08391d765c9a4e9fef660d51160728 (patch) | |
| tree | 9773179a9f914fe4aec2f8e7acd465152aeaad20 /modules | |
| parent | Move constant-time compare function to utils.security (diff) | |
| signature | ||
Use constant-time compare in permissions.py for password identifying
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/permissions.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/modules/permissions.py b/modules/permissions.py index e24f6ea0..e620f46f 100644 --- a/modules/permissions.py +++ b/modules/permissions.py @@ -67,7 +67,7 @@ class Module(ModuleManager.BaseModule): hash, salt = self._get_hash(event["server"], account) if hash and salt: attempt, _ = self._make_hash(password, salt) - if attempt == hash: + if utils.security.constant_time_compare(attempt, hash): self._identified(event["server"], event["user"], account) event["stdout"].write("Correct password, you have " "been identified as '%s'." % account) |