Skip to content
Permalink
Browse files Browse the repository at this point in the history
Fix timing attacks potential vulnerability
  • Loading branch information
Ysurac committed Apr 8, 2021
1 parent 2694612 commit a01cbc8
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion omr-admin.py
Expand Up @@ -776,7 +776,7 @@ def set_lastchange(sync=0):
fake_users_db = omr_config_data['users'][0]

def verify_password(plain_password, user_password):
if plain_password == user_password:
if secrets.compare_digest(plain_password,user_password):
LOG.debug("password true")
return True
return False
Expand Down

0 comments on commit a01cbc8

Please sign in to comment.