Opened 7 years ago

Closed 7 years ago

#6783 enhancement closed duplicate (duplicate)

Use a password validation function that does not leak passwords mismatch place

Reported by: jan.wrobel Owned by:
Priority: normal Milestone:
Component: core Keywords:
Cc: wrr@… Branch:


For security reasons credentials classes from should preferably compare passwords using a function which running time does not depend on a place where passwords mismatch. See for example Django implementation of such a function:

Change History (2)

comment:1 Changed 7 years ago by Jean-Paul Calderone


This is a duplicate of #4536.

comment:2 Changed 7 years ago by Jean-Paul Calderone

Resolution: duplicate
Status: newclosed
Note: See TracTickets for help on using tickets.