Update src/Plugins/RpcServer/RpcServer.cs

neo-project · Oct 8, 2024 · 1f3483f · 1f3483f
1 parent e7dbb45
commit 1f3483f
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/src/Plugins/RpcServer/RpcServer.cs b/src/Plugins/RpcServer/RpcServer.cs
@@ -92,7 +92,8 @@ internal bool CheckAuth(HttpContext context)
             byte[] user = auths[..colonIndex];
             byte[] pass = auths[(colonIndex + 1)..];
 
-            return CryptographicOperations.FixedTimeEquals(user, _rpcUser) && CryptographicOperations.FixedTimeEquals(pass, _rpcPass);
+            // Execute both checks always but both must be true
+            return CryptographicOperations.FixedTimeEquals(user, _rpcUser) & CryptographicOperations.FixedTimeEquals(pass, _rpcPass);
         }
 
         private static JObject CreateErrorResponse(JToken id, RpcError rpcError)