diff options
| author | Jesusaves <cpntb1@ymail.com> | 2022-01-23 14:47:09 -0300 |
|---|---|---|
| committer | Jesusaves <cpntb1@ymail.com> | 2022-01-23 14:47:09 -0300 |
| commit | 660b9e5afc01a2db7c0a796b599f80deddc0cfd2 (patch) | |
| tree | 4d390b7722ebc717e06d7958ff616c2568fb13fc | |
| parent | fcdec2a8dd0b6dcb3b28d9bdc5839c77affba002 (diff) | |
| download | evol-hercules-660b9e5afc01a2db7c0a796b599f80deddc0cfd2.tar.gz evol-hercules-660b9e5afc01a2db7c0a796b599f80deddc0cfd2.tar.bz2 evol-hercules-660b9e5afc01a2db7c0a796b599f80deddc0cfd2.tar.xz evol-hercules-660b9e5afc01a2db7c0a796b599f80deddc0cfd2.zip | |
Use TMW hash on user password when changing it.
It is not really an improvement, and is only used when changing password.
Server still handles it internally as plain-text, but should avoid
the password from being reused in a compromise... Maybe.
| -rw-r--r-- | src/elogin/parse.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/elogin/parse.c b/src/elogin/parse.c index 9156cb4..73e1ab1 100644 --- a/src/elogin/parse.c +++ b/src/elogin/parse.c @@ -206,7 +206,8 @@ void elogin_parse_change_paassword(int fd) { // changed ok status = 1; - safestrncpy(acc.pass, new_pass, sizeof(acc.pass)); + // Hash password + safestrncpy(acc.pass, MD5_saltcrypt(new_pass, make_salt()), sizeof(acc.pass)); login->accounts->save(login->accounts, &acc); } else |