[wp-trac] [WordPress Trac] #37324: Use hash_equals() when comparing hashes
WordPress Trac
noreply at wordpress.org
Sun Jul 10 16:15:08 UTC 2016
#37324: Use hash_equals() when comparing hashes
--------------------------+-----------------------
Reporter: ocean90 | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 4.6
Component: Security | Version:
Severity: normal | Keywords: has-patch
Focuses: multisite |
--------------------------+-----------------------
For hardening purposes we should use `hash_equals()` whenever we compare a
(password) hash against user input.`hash_equals()` does a timing attack
safe string comparison.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/37324>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list