Firepup650/bitbot-3.11-fork
2
0
Fork 0
Code Issues Pull requests Activity Actions

Use constant-time compare in permissions.py for password identifying

Browse source
This commit is contained in:
jesopo 2019-02-12 11:59:38 +00:00
parent 9667b8a6e0
commit ce23442f4b
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
modules/permissions.py
View file

@ -67,7 +67,7 @@ class Module(ModuleManager.BaseModule):
hash, salt = self._get_hash(event["server"], account)
if hash and salt:
attempt, _ = self._make_hash(password, salt)
if attempt == hash:
if utils.security.constant_time_compare(attempt, hash):
self._identified(event["server"], event["user"], account)
event["stdout"].write("Correct password, you have "
"been identified as '%s'." % account)