Use hash_equals method to compare the hashes.

2018-02-28 23:53:33 +01:00
parent a6a502fe7c
commit 3d901e3fc2
7 changed files with 7 additions and 7 deletions
--- a/lib/HashAlgorithm/CourierMD5Raw.php
+++ b/lib/HashAlgorithm/CourierMD5Raw.php
@@ -42,7 +42,7 @@ class CourierMD5Raw implements HashAlgorithm
     */
    public function checkPassword($password, $dbHash)
    {
-        return $this->getPasswordHash($password) === $dbHash;
+        return hash_equals($dbHash, $this->getPasswordHash($password));
    }

    /**