From ca904f1eded7b2ee7a3deaab44df29338f14cde2 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Tim=20D=C3=BCsterhus?=
Date: Thu, 7 Feb 2013 17:18:04 +0100
Subject: [PATCH] Use secure compare to validate master password
---
 .../install/files/lib/acp/form/MasterPasswordForm.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/wcfsetup/install/files/lib/acp/form/MasterPasswordForm.class.php b/wcfsetup/install/files/lib/acp/form/MasterPasswordForm.class.php
index 23abbf5131..a7c652e450 100755
--- a/wcfsetup/install/files/lib/acp/form/MasterPasswordForm.class.php
+++ b/wcfsetup/install/files/lib/acp/form/MasterPasswordForm.class.php
@@ -62,7 +62,7 @@ class MasterPasswordForm extends AbstractForm {
 }
 // check password
- if (PasswordUtil::getSaltedHash($this->masterPassword, MASTER_PASSWORD_SALT) != MASTER_PASSWORD) {
+ if (PasswordUtil::secureCompare(PasswordUtil::getSaltedHash($this->masterPassword, MASTER_PASSWORD_SALT), MASTER_PASSWORD)) {
 throw new UserInputException('masterPassword', 'invalid');
 }
 }
-- 
2.20.1
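Review bot: The negation was lost when `!=` was replaced on the added `if` line: the old code threw when the hashes differed, while the new code throws when `PasswordUtil::secureCompare()` is truthy. `secureCompare()` is not defined in this hunk, but if it returns true on a match, as its name suggests, the form now rejects the correct master password and accepts every incorrect one, which removes the master-password gate entirely. The condition should read `if (!PasswordUtil::secureCompare(PasswordUtil::getSaltedHash($this->masterPassword, MASTER_PASSWORD_SALT), MASTER_PASSWORD)) {`. A regression test that submits one correct and one incorrect password would pin the intended direction of the check; the enclosing method starts outside the hunk, so any earlier validation is not visible here.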