Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
N
nexpie-grafana-theme
Overview
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Registry
Registry
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Kornkitt Poolsup
nexpie-grafana-theme
Commits
9b42b336
Commit
9b42b336
authored
Jan 18, 2016
by
Carl Bergquist
Browse files
Options
Browse Files
Download
Plain Diff
Merge pull request #3771 from bergquist/contant_time_comparison
fix(login): fix vulnerbility for timing attacks
parents
30c19d52
053868f5
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
2 additions
and
1 deletions
+2
-1
pkg/login/auth.go
+2
-1
No files found.
pkg/login/auth.go
View file @
9b42b336
...
...
@@ -3,6 +3,7 @@ package login
import
(
"errors"
"crypto/subtle"
"github.com/grafana/grafana/pkg/bus"
m
"github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/setting"
...
...
@@ -56,7 +57,7 @@ func loginUsingGrafanaDB(query *LoginUserQuery) error {
user
:=
userQuery
.
Result
passwordHashed
:=
util
.
EncodePassword
(
query
.
Password
,
user
.
Salt
)
if
passwordHashed
!=
user
.
Password
{
if
subtle
.
ConstantTimeCompare
([]
byte
(
passwordHashed
),
[]
byte
(
user
.
Password
))
!=
1
{
return
ErrInvalidCredentials
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
