Users with unsalted MD5 passwords unable to log in with Django 1.4 #681

Closed
wants to merge 1 commit into from

@aaugustin
Owner

That ticket was closed in favor of https://code.djangoproject.com/ticket/18144. There's a patch attached to Trac that includes tests, unlike this one.

Closing in favor of that patch.

@aaugustin aaugustin closed this
Commits on Jan 29, 2013
  1. @twig

    (fix #19687) UnsaltedMD5PasswordHasher.verify() passes the wrong argu…

    twig authored
    …ments to constant_time_compare()
Showing with 1 addition and 1 deletion.
  1. +1 −1  django/contrib/auth/hashers.py
2  django/contrib/auth/hashers.py
@@ -373,7 +373,7 @@ def encode(self, password, salt):
def verify(self, password, encoded):
encoded_2 = self.encode(password, '')
- return constant_time_compare(encoded, encoded_2)
+ return constant_time_compare(encoded[5:], encoded_2)
def safe_summary(self, encoded):
return SortedDict([
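Review bot: The slice in `return constant_time_compare(encoded[5:], encoded_2)` is unconditional and uses an unexplained magic number, so `verify()` now assumes every stored value starts with a five-character prefix. A stored value that is already in the bare form returned by `self.encode(password, '')` would lose the first five characters of its digest and never match, which locks those users out instead of the original group. Strip the prefix only after checking that it is present (for example with `encoded.startswith(...)` against a named constant), keep the comparison in `constant_time_compare()`, and add tests covering a stored value with the prefix, one without it, and a wrong password for each.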