Fail auth on empty password in DB

2020-06-06 12:52:22 +02:00 · 2020-06-06 12:52:22 +02:00 · 4b3469335e
commit 4b3469335e
parent e54293cd0e
1 changed files with 5 additions and 0 deletions
--- a/downstream.go
+++ b/downstream.go
@ -688,6 +688,11 @@ func (dc *downstreamConn) authenticate(username, password string) error {
 		return errAuthFailed
 	}

+	// Password auth disabled
+	if u.Password == "" {
+		return errAuthFailed
+	}
+
 	err = bcrypt.CompareHashAndPassword([]byte(u.Password), []byte(password))
 	if err != nil {
 		dc.logger.Printf("failed authentication for %q: %v", username, err)