From 2cbb7deb9d5d08e246f336dd93a21e780ae27982 Mon Sep 17 00:00:00 2001
From: Florian Mutter
Date: Fri, 28 Apr 2017 11:11:23 +0200
Subject: [PATCH] Fix authentication bypass See https://github.com/fruux/Baikal/issues/673 for more details
---
 Core/Frameworks/Baikal/Core/PDOBasicAuth.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Core/Frameworks/Baikal/Core/PDOBasicAuth.php b/Core/Frameworks/Baikal/Core/PDOBasicAuth.php
index 1a7b4af7..9270194b 100644
--- a/Core/Frameworks/Baikal/Core/PDOBasicAuth.php
+++ b/Core/Frameworks/Baikal/Core/PDOBasicAuth.php
@@ -69,7 +69,7 @@ function validateUserPass($username, $password) {
 if (!count($result)) return false;
 $hash = md5($username . ':' . $this->authRealm . ':' . $password);
- if ($result[0]['digesta1'] == $hash)
+ if ($result[0]['digesta1'] === $hash)
 {
 $this->currentUser = $username;
 return true;
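Review bot: The new strict comparison on the `digesta1` line still is not constant-time, and for a credential check the usual form is `if (hash_equals((string) $result[0]['digesta1'], $hash))`. `===` stops the type-juggled match that loose `==` allows between numeric-looking hash strings, but it returns as soon as the first differing byte is found; `hash_equals()` is both strict and timing-safe, provided the project's minimum PHP version includes it (5.6 or later). The cast keeps a NULL or non-string column value from raising an error instead of simply failing the check. It would also help to add a comment above the comparison such as `// strict, timing-safe compare: never use == on hash strings`, so the loose operator is not reintroduced later. The body of validateUserPass starts and ends outside this hunk, so the query that fills `$result` and the failure path are not visible here.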