From 44004fa372c411e6bc33394434a9cdde8ec73e11 Mon Sep 17 00:00:00 2001
From: Jesusaves
Date: Sun, 23 Jan 2022 14:47:09 -0300
Subject: Use TMW hash on user password when changing it. It is not really an improvement, and is only used when changing password. Server still handles it internally as plain-text, but should avoid the password from being reused in a compromise... Maybe.
---
 src/elogin/parse.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/elogin/parse.c b/src/elogin/parse.c
index 9156cb4..73e1ab1 100644
--- a/src/elogin/parse.c
+++ b/src/elogin/parse.c
@@ -206,7 +206,8 @@ void elogin_parse_change_paassword(int fd)
 {
 // changed ok
 status = 1;
- safestrncpy(acc.pass, new_pass, sizeof(acc.pass));
+ // Hash password
+ safestrncpy(acc.pass, MD5_saltcrypt(new_pass, make_salt()), sizeof(acc.pass));
 login->accounts->save(login->accounts, &acc);
 }
 else
-- cgit v1.2.3-70-g09d2
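Review bot: The added `safestrncpy(acc.pass, MD5_saltcrypt(new_pass, make_salt()), sizeof(acc.pass));` stores a salted MD5, a fast hash that does little to slow offline guessing if the account table leaks; a deliberately slow password KDF (Argon2, bcrypt, scrypt or PBKDF2) is the right primitive for stored passwords. The password check is outside the hunk, but the commit message says the server still treats `acc.pass` as plain text, so every place that compares a submitted password with `acc.pass` (login, and the current-password check of this function) has to recognise the hashed form, or accounts changed through this path may stop verifying. `safestrncpy` truncates silently, so confirm the hash string fits before saving, for example guard the save with `strlen(hashed) < sizeof(acc.pass)` after `const char *hashed = MD5_saltcrypt(new_pass, make_salt());` (return type assumed from its use as a copy source). I would also replace `// Hash password` with `// Store a salted MD5 of the new password; every check against acc.pass must verify this format`. The body of `elogin_parse_change_paassword` starts and ends outside the hunk.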