Fixed password comparison

author Sascha Greuel <sascha@softcreatr.de>

Fri, 3 May 2019 10:15:03 +0000 (12:15 +0200)

committer GitHub <noreply@github.com>

Fri, 3 May 2019 10:15:03 +0000 (12:15 +0200)
author Sascha Greuel <sascha@softcreatr.de>
Fri, 3 May 2019 10:15:03 +0000 (12:15 +0200)
committer GitHub <noreply@github.com>
Fri, 3 May 2019 10:15:03 +0000 (12:15 +0200)
diff --git a/wcfsetup/install/files/lib/util/PasswordUtil.class.php b/wcfsetup/install/files/lib/util/PasswordUtil.class.php

index e0da9dc88fc7f6d1211d29dfe65f23a040b3daa5..3e9e8e0f9bfe32c65025081f4ae21c4c4b6056f3 100644 (file)
--- a/wcfsetup/install/files/lib/util/PasswordUtil.class.php
+++ b/wcfsetup/install/files/lib/util/PasswordUtil.class.php
@@ -588,7 +588,7 @@ final class PasswordUtil {
          * @return      boolean
          */
         protected static function wcf2($username, $password, $salt, $dbHash) {
-               return CryptoUtil::secureCompare($dbHash, self::getDoubleSaltedHash($password, $salt));
+               return CryptoUtil::secureCompare($dbHash, self::getDoubleSaltedHash($password, $dbHash));
         }
         
         /**
author	Sascha Greuel <sascha@softcreatr.de>
	Fri, 3 May 2019 10:15:03 +0000 (12:15 +0200)
committer	GitHub <noreply@github.com>
	Fri, 3 May 2019 10:15:03 +0000 (12:15 +0200)