Merge pull request #1429 from kingkorf/master

First check bcrypt '$' prefix before performing rexeg on password
2026-04-02 03:38:42 -07:00 · 2020-05-28 14:18:03 -07:00
parent 4ca05d9719 c1848a997c
commit f6a9d3bc3c
1 changed files with 5 additions and 1 deletions
--- a/server/auth.go
+++ b/server/auth.go
@@ -741,7 +741,11 @@ var validBcryptPrefix = regexp.MustCompile(`^\$2[a,b,x,y]{1}\$\d{2}\$.*`)

 // isBcrypt checks whether the given password or token is bcrypted.
 func isBcrypt(password string) bool {
-	return validBcryptPrefix.MatchString(password)
+	if strings.HasPrefix(password, "$") {
+		return validBcryptPrefix.MatchString(password)
+	}
+
+	return false
 }

 func comparePasswords(serverPassword, clientPassword string) bool {