stable

Clone or download

Read-only

request #14646: Enable the use of padding when querying the Have I Been Pwned API

This change prevent an attacker with the capability to observe the traffic to determine which bucket is being queried. https://haveibeenpwned.com/API/v3#PwnedPasswordsPadding Change-Id: I3b39de0cea46d178a79365f2122dc7e2b9113cc3

Modified Files

Name
M src/common/Password/HaveIBeenPwned/PwnedPasswordRangeRetriever.php +1 −1 Go to diff View file
M tests/phpunit/common/Password/HaveIBeenPwned/PwnedPasswordCheckerTest.php +8 −6 Go to diff View file