From 9190485ef6bd640ba9560906bf6866ef598b6826 Mon Sep 17 00:00:00 2001
From: mickael-hc <86245626+mickael-hc@users.noreply.github.com>
Date: Fri, 18 Jul 2025 11:14:17 -0400
Subject: [PATCH] auth/userpass: update dummy string generation (#31318)
---
 builtin/credential/userpass/path_login.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/builtin/credential/userpass/path_login.go b/builtin/credential/userpass/path_login.go
index bd9ca481e1..4018b19608 100644
--- a/builtin/credential/userpass/path_login.go
+++ b/builtin/credential/userpass/path_login.go
@@ -89,7 +89,11 @@ func (b *backend) pathLogin(ctx context.Context, req *logical.Request, d *framew
 } else {
 // This is still acceptable as bcrypt will still make sure it takes
 // a long time, it's just nicer to be random if possible
- userPassword = []byte(strings.Repeat("dummy", 12))
+ var err error
+ userPassword, err = bcrypt.GenerateFromPassword([]byte("dummy"), bcrypt.DefaultCost)
+ if err != nil {
+ return logical.ErrorResponse("invalid username or password"), nil
+ }
 }
 // Check for a password match. Check for a hash collision for Vault 0.2+,
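Review bot: The missing-user branch now calls `bcrypt.GenerateFromPassword` on every request, so that path pays for a hash generation plus whatever comparison follows the hunk, while a known user presumably pays only for the comparison. The timing gap the dummy value is meant to close may therefore just flip direction, and every unauthenticated login for an unknown name costs extra CPU. Generating the dummy hash once and reusing it keeps both paths at a single comparison, provided its cost matches the cost of stored hashes, which is not visible here. The context comment above the change still describes the old fallback and should be reworded, e.g. `// Compare against a real bcrypt hash so a missing user costs the same as a wrong password`. pathLogin starts and ends outside the hunk.

```go
// Dummy bcrypt hash, computed once and reused for logins where no user
// entry was found, so that path performs only the comparison.
var (
	dummyHashOnce sync.Once
	dummyHash     []byte
	dummyHashErr  error
)

func dummyPasswordHash() ([]byte, error) {
	dummyHashOnce.Do(func() {
		dummyHash, dummyHashErr = bcrypt.GenerateFromPassword([]byte("dummy"), bcrypt.DefaultCost)
	})
	return dummyHash, dummyHashErr
}

// … unchanged: pathLogin up to the missing-user branch …
	} else {
		var err error
		userPassword, err = dummyPasswordHash()
		if err != nil {
			return logical.ErrorResponse("invalid username or password"), nil
		}
```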