diff options
| author | Jesusaves <cpntb1@ymail.com> | 2022-01-23 14:47:09 -0300 |
|---|---|---|
| committer | Jesusaves <cpntb1@ymail.com> | 2022-02-05 23:00:41 -0300 |
| commit | 44004fa372c411e6bc33394434a9cdde8ec73e11 (patch) | |
| tree | dda71853eb0d70743ec9681ecceede447fe472e4 | |
| parent | 776f5b7ef034c16990d830ac43b5352eeab10d05 (diff) | |
| download | evol-hercules-44004fa372c411e6bc33394434a9cdde8ec73e11.tar.gz evol-hercules-44004fa372c411e6bc33394434a9cdde8ec73e11.tar.bz2 evol-hercules-44004fa372c411e6bc33394434a9cdde8ec73e11.tar.xz evol-hercules-44004fa372c411e6bc33394434a9cdde8ec73e11.zip | |
Use TMW hash on user password when changing it.
It is not really an improvement, and is only used when changing password.
Server still handles it internally as plain-text, but should avoid
the password from being reused in a compromise... Maybe.
| -rw-r--r-- | src/elogin/parse.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/elogin/parse.c b/src/elogin/parse.c index 9156cb4..73e1ab1 100644 --- a/src/elogin/parse.c +++ b/src/elogin/parse.c @@ -206,7 +206,8 @@ void elogin_parse_change_paassword(int fd) { // changed ok status = 1; - safestrncpy(acc.pass, new_pass, sizeof(acc.pass)); + // Hash password + safestrncpy(acc.pass, MD5_saltcrypt(new_pass, make_salt()), sizeof(acc.pass)); login->accounts->save(login->accounts, &acc); } else |