From: Sascha Greuel <sascha@softcreatr.de>
Date: Fri, 3 May 2019 10:15:03 +0000 (+0200)
Subject: Fixed password comparison
X-Git-Tag: 5.2.0_Alpha_1~19^2~2^2~2^2
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=4fdf9626fb21c22965905281d487540f545f330c;p=GitHub%2FWoltLab%2FWCF.git

Fixed password comparison
---

diff --git a/wcfsetup/install/files/lib/util/PasswordUtil.class.php b/wcfsetup/install/files/lib/util/PasswordUtil.class.php
index e0da9dc88f..3e9e8e0f9b 100644
--- a/wcfsetup/install/files/lib/util/PasswordUtil.class.php
+++ b/wcfsetup/install/files/lib/util/PasswordUtil.class.php
@@ -588,7 +588,7 @@ final class PasswordUtil {
 	 * @return	boolean
 	 */
 	protected static function wcf2($username, $password, $salt, $dbHash) {
-		return CryptoUtil::secureCompare($dbHash, self::getDoubleSaltedHash($password, $salt));
+		return CryptoUtil::secureCompare($dbHash, self::getDoubleSaltedHash($password, $dbHash));
 	}
 	
 	/**