Fixed
Fixed potential condition where attempting to login would change a user's password to the attempted password.
Changelog » Change #1296
The retrieved hash from the database was checked if it needed to be rehashed (e.g. preferred hashing algorithm changed) before the password was actually verified. If the password needed to be rehashed, it would use the password that was attempted to log in with to create the new hash and would subsequently pass the verification.
Comments for 2018-03-10
Please login to comment.
There are no comments yet.