stable
Clone or download
Read-only
request #14646: Enable the use of padding when querying the Have I Been Pwned API
This change prevent an attacker with the capability to observe the traffic to determine which bucket is being queried. https://haveibeenpwned.com/API/v3#PwnedPasswordsPadding Change-Id: I3b39de0cea46d178a79365f2122dc7e2b9113cc3
Modified Files
Name | ||||
---|---|---|---|---|
M | src/common/Password/HaveIBeenPwned/PwnedPasswordRangeRetriever.php | +1 | −1 | Go to diff View file |
M | tests/phpunit/common/Password/HaveIBeenPwned/PwnedPasswordCheckerTest.php | +8 | −6 | Go to diff View file |