From 16dacd4b14681676202296c597f89ffbfbdce025 Mon Sep 17 00:00:00 2001
From: nuxsmin <nuxsmin@cygnux-pc>
Date: Sat, 26 Oct 2013 02:17:23 +0200
Subject: [PATCH] Enforce session master password encryption

---
 inc/users.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inc/users.class.php b/inc/users.class.php
index b2142f31..e71a68dd 100644
--- a/inc/users.class.php
+++ b/inc/users.class.php
@@ -1235,7 +1235,7 @@ class SP_Users {
             if ($showPass == TRUE) {
                 return $clearMasterPass;
             } else {
-                $_SESSION['mPassPwd'] = uniqid();
+                $_SESSION['mPassPwd'] = SHA1(uniqid());
 
                 $sessionMasterPass = $crypt->mkCustomMPassEncrypt($_SESSION["mPassPwd"], $clearMasterPass);