Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

Users with unsalted MD5 passwords unable to log in with Django 1.4 #681

Closed
wants to merge 1 commit into from

2 participants

twig Aymeric Augustin
Aymeric Augustin
Owner

That ticket was closed in favor of https://code.djangoproject.com/ticket/18144. There's a patch attached to Trac that includes tests, unlike this one.

Closing in favor of that patch.

Aymeric Augustin aaugustin closed this
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Jan 29, 2013
  1. twig

    (fix #19687) UnsaltedMD5PasswordHasher.verify() passes the wrong argu…

    twig authored
    …ments to constant_time_compare()
This page is out of date. Refresh to see the latest.
Showing with 1 addition and 1 deletion.
  1. +1 −1  django/contrib/auth/hashers.py
2  django/contrib/auth/hashers.py
View
@@ -373,7 +373,7 @@ def encode(self, password, salt):
def verify(self, password, encoded):
encoded_2 = self.encode(password, '')
- return constant_time_compare(encoded, encoded_2)
+ return constant_time_compare(encoded[5:], encoded_2)
def safe_summary(self, encoded):
return SortedDict([
Something went wrong with that request. Please try again.