From: scumjr Date: Mon, 21 Mar 2016 17:54:59 +0000 (+0100) Subject: admin.php: fix authentication bypass vulnerability X-Git-Tag: 1.2.0~36^2^2 X-Git-Url: https://git.p6c8.net/jirafeau_project.git/commitdiff_plain/c019221848e50ba97456bcf0ad7e4e7d13dd4110?ds=inline admin.php: fix authentication bypass vulnerability --- diff --git a/admin.php b/admin.php index 25b16ed..a0ae04b 100644 --- a/admin.php +++ b/admin.php @@ -53,7 +53,7 @@ if (isset ($_POST['action']) && (strcmp ($_POST['action'], 'logout') == 0)) /* Check classic admin password authentification. */ if (isset ($_POST['admin_password']) && empty($cfg['admin_http_auth_user'])) { - if (strcmp ($cfg['admin_password'], $_POST['admin_password']) == 0) + if ($cfg['admin_password'] === $_POST['admin_password']) $_SESSION['admin_auth'] = true; else {