Enforce session master password encryption

2026-03-13 03:46:58 +01:00 · 2013-10-26 02:17:23 +02:00
parent 77eb7385ca
commit 16dacd4b14
1 changed files with 1 additions and 1 deletions
--- a/inc/users.class.php
+++ b/inc/users.class.php
@@ -1235,7 +1235,7 @@ class SP_Users {
            if ($showPass == TRUE) {
                return $clearMasterPass;
            } else {
-                $_SESSION['mPassPwd'] = uniqid();
+                $_SESSION['mPassPwd'] = SHA1(uniqid());

                $sessionMasterPass = $crypt->mkCustomMPassEncrypt($_SESSION["mPassPwd"], $clearMasterPass);