diff --git a/web/reset/index.php b/web/reset/index.php
index abde3c1453..0d90d15de6 100644
--- a/web/reset/index.php
+++ b/web/reset/index.php
@@ -48,7 +48,7 @@
 if ( $return_var == 0 ) {
 $data = json_decode(implode('', $output), true);
 $rkey = $data[$user]['RKEY'];
- if ($rkey == $_POST['code']) {
+ if (hash_equals($rkey, $POST[‘code’])) {
 $v_password = tempnam("/tmp","vst");
 $fp = fopen($v_password, "w");
 fwrite($fp, $_POST['password']."\n");
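Review bot: The added line reads `$POST[‘code’]`, with no underscore and with typographic quotes, so as shown it never reads the submitted code: `$POST` is an undefined variable and `‘code’` is not a string literal, which leaves `hash_equals()` with a non-string argument and the reset failing or erroring depending on the PHP version. Unless that is an artifact of how the page was rendered, it should be `$_POST['code']`. `hash_equals()` also requires two strings, so a missing `RKEY` for `$user` or an array-valued `code` parameter needs a guard, and an empty stored key should never match (whether that is rejected earlier is not visible here): `if (is_string($rkey) && $rkey !== '' && isset($_POST['code']) && is_string($_POST['code']) && hash_equals($rkey, $_POST['code'])) {`. The body of this `if` continues past the end of the hunk.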