mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2026-05-05 12:26:34 +02:00
Code Issues Projects Releases Wiki Activity

auth/userpass: update dummy string generation (#31318)

Browse Source
This commit is contained in:
mickael-hc 2025-07-18 11:14:17 -04:00 committed by GitHub
parent 41d8301927
commit 9190485ef6
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
builtin/credential/userpass/path_login.go
View File

@ -89,7 +89,11 @@ func (b *backend) pathLogin(ctx context.Context, req *logical.Request, d *framew
} else {
// This is still acceptable as bcrypt will still make sure it takes
// a long time, it's just nicer to be random if possible
userPassword = []byte(strings.Repeat("dummy", 12))
var err error
userPassword, err = bcrypt.GenerateFromPassword([]byte("dummy"), bcrypt.DefaultCost)
if err != nil {
return logical.ErrorResponse("invalid username or password"), nil
}
}
// Check for a password match. Check for a hash collision for Vault 0.2+,