From c019221848e50ba97456bcf0ad7e4e7d13dd4110 Mon Sep 17 00:00:00 2001
From: scumjr <scumjr@users.noreply.gitlab.com>
Date: Mon, 21 Mar 2016 18:54:59 +0100
Subject: [PATCH] admin.php: fix authentication bypass vulnerability

---
 admin.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/admin.php b/admin.php
index 25b16ed..a0ae04b 100644
--- a/admin.php
+++ b/admin.php
@@ -53,7 +53,7 @@ if (isset ($_POST['action']) && (strcmp ($_POST['action'], 'logout') == 0))
 /* Check classic admin password authentification. */
 if (isset ($_POST['admin_password']) && empty($cfg['admin_http_auth_user']))
 {
-    if (strcmp ($cfg['admin_password'], $_POST['admin_password']) == 0)
+    if ($cfg['admin_password'] === $_POST['admin_password'])
         $_SESSION['admin_auth'] = true;
     else
     {
-- 
2.34.1