From 6ef82336044f4630b3ac984debcdfd6b16bb1e8d Mon Sep 17 00:00:00 2001
From: Jonathan Davies
Date: Fri, 10 Apr 2026 12:10:12 +0000
Subject: [PATCH] auth: Use constant-time comparison in SCRAM stored-key verification

---
 src/ejabberd_auth.erl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/ejabberd_auth.erl b/src/ejabberd_auth.erl
index 546fb703d22..cc58cac65ea 100644
--- a/src/ejabberd_auth.erl
+++ b/src/ejabberd_auth.erl
@@ -930,7 +930,7 @@ is_password_scram_valid(Password, Scram) ->
     Salt = base64:decode(Scram#scram.salt),
     SaltedPassword = scram:salted_password(Hash, Password, Salt, IterationCount),
     StoredKey = scram:stored_key(Hash, scram:client_key(Hash, SaltedPassword)),
-    base64:decode(Scram#scram.storedkey) == StoredKey
+    crypto:hash_equals(base64:decode(Scram#scram.storedkey), StoredKey)
 end.
 
 password_to_scram(Host, Password) ->
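Review bot: The new `crypto:hash_equals/2` call on the added line changes the failure mode for a length mismatch: the old `==` returned false when the decoded stored key and the computed key differed in size, whereas hash_equals/2 raises badarg for binaries of unequal length (as its documentation states), so a corrupted or legacy storedkey value turns a clean authentication failure into an exception in the caller. In the normal path both values are derived from the same Hash and should be the same length, but a guard keeps the old semantics: `Stored = base64:decode(Scram#scram.storedkey),` followed by `byte_size(Stored) =:= byte_size(StoredKey) andalso crypto:hash_equals(Stored, StoredKey)`. Also worth a line in the commit message or a comment above the call: crypto:hash_equals/2 was added in OTP 25, so this raises the minimum supported OTP version if the project still builds on older releases. The enclosing is_password_scram_valid/2 begins before this hunk; only its tail is visible here.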