From af2da8d0902a276cb7f45b6d8c40176676629062 Mon Sep 17 00:00:00 2001
From: Charlene Auger <charlene.auger@factorfx.com>
Date: Thu, 13 Jun 2024 12:07:07 +0000
Subject: [PATCH] fix(authentication): security fix on password comparision

---
 backend/AUTH/methode/local.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backend/AUTH/methode/local.php b/backend/AUTH/methode/local.php
index 9b49edb26..e0853d33d 100755
--- a/backend/AUTH/methode/local.php
+++ b/backend/AUTH/methode/local.php
@@ -68,7 +68,7 @@
         }
     }
 
-    if ($login_status == true || (isset($rowOp->PASSWD) && hash(PASSWORD_CRYPT, $mdp) == $rowOp->PASSWD)) {
+    if ($login_status == true || (isset($rowOp->PASSWD) && hash(PASSWORD_CRYPT, $mdp) === $rowOp->PASSWD)) {
         $login_successful = "OK";
         $user_group = $rowOp->USER_GROUP;
         $type_log = 'CONNEXION';