diff --git a/models/DataObject/ClassDefinition/Data/Password.php b/models/DataObject/ClassDefinition/Data/Password.php
index 5b670fb0241..af4f011dfa5 100644
--- a/models/DataObject/ClassDefinition/Data/Password.php
+++ b/models/DataObject/ClassDefinition/Data/Password.php
@@ -302,7 +302,7 @@ public function verifyPassword($password, DataObject\Concrete $object, $updateHa
             }
         } else {
             $hash = $this->calculateHash($password);
-            $result = $hash === $objectHash;
+            $result = hash_equals($objectHash, $hash);
         }
 
         return $result;