Fix timing attacks potential vulnerability

2025-02-12 18:41:52 +00:00 · 2021-04-08 17:37:19 +02:00 · 2021-04-08 17:37:19 +02:00 · a01cbc8c3d
commit a01cbc8c3d
parent 2694612565
1 changed files with 1 additions and 1 deletions
--- a/omr-admin.py
+++ b/omr-admin.py
@ -776,7 +776,7 @@ with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json') as f:
 fake_users_db = omr_config_data['users'][0]

 def verify_password(plain_password, user_password):
-    if plain_password == user_password:
+    if secrets.compare_digest(plain_password,user_password):
        LOG.debug("password true")
        return True
    return False