Skip to content
This repository has been archived by the owner on Apr 19, 2022. It is now read-only.

fix magic hash authentication bypass #148

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

fix magic hash authentication bypass #148

wants to merge 1 commit into from

Conversation

peng-hui
Copy link

The loose comparison allows attackers to authenticate without a correct password. For example, if the hash value from sha1 starts with 0e and forms a magic hash, it can be easily bypassed.

-- Reference to magic hash

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
1 participant