Prevent type juggling for password hash comparison (#3324)

opensourcepos · Sep 30, 2021 · f1672d9 · f1672d9
1 parent 2f69841
commit f1672d9
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 4 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -17,7 +17,8 @@ receiving such patches depend on the CVSS v3.0 Rating:
 
 | CVSS v3.0 | Supported Versions                                 |
 | --------- | -------------------------------------------------- |
-| 7.3       | 3.5.5                                              |
+| 7.3       | 3.3.5                                              |
+| 9.8       | 3.3.6                                              |
 
 ## Reporting a Vulnerability
 

diff --git a/application/models/Employee.php b/application/models/Employee.php
@@ -327,20 +327,20 @@ public function login($username, $password)
 	{
 		$query = $this->db->get_where('employees', array('username' => $username, 'deleted' => 0), 1);
 
-		if($query->num_rows() == 1)
+		if($query->num_rows() === 1)
 		{
 			$row = $query->row();
 
 			// compare passwords depending on the hash version
-			if($row->hash_version == 1 && $row->password == md5($password))
+			if($row->hash_version === '1' && $row->password === md5($password))
 			{
 				$this->db->where('person_id', $row->person_id);
 				$this->session->set_userdata('person_id', $row->person_id);
 				$password_hash = password_hash($password, PASSWORD_DEFAULT);
 
 				return $this->db->update('employees', array('hash_version' => 2, 'password' => $password_hash));
 			}
-			elseif($row->hash_version == 2 && password_verify($password, $row->password))
+			elseif($row->hash_version === '2' && password_verify($password, $row->password))
 			{
 				$this->session->set_userdata('person_id', $row->person_id);