#244 Problem with escape_string in pacrypt()

v2.3.3
closed-duplicate
nobody
Core (82)
5
2012-05-28
2011-05-13
Paolo Stancato
No

Hi there!

Testing postfix admin I've found a bug with users authentication.

The problem is that pacrypt() escape the password before return it and that can taint the hash. I've resolved the issue commenting the line

functions.inc.php:
1244: $password = escape_string ($password);

Data used for testing:
---------------------------------

Password string: P4ssw0rd!
Password hash: $1$>X6mz76\$EdT.4mI8ZEntI9/AgqazS1

Discussion

    • status: open --> closed-duplicate