providers/radius: fix inverted message authenticator validation (#17855)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2026-06-17 19:09:11 +03:00 · 2025-11-01 17:58:48 +01:00
parent 3ae838293e
commit 09e3301c8f
1 changed files with 1 additions and 2 deletions
@@ -1,7 +1,6 @@
 package radius

 import (
-	"bytes"
 	"crypto/hmac"
 	"crypto/md5"
 	"errors"
@@ -46,7 +45,7 @@ func (r *RadiusRequest) validateMessageAuthenticator() error {
 		return err
 	}
 	hash.Write(encode)
-	if bytes.Equal(mauth, hash.Sum(nil)) {
+	if !hmac.Equal(mauth, hash.Sum(nil)) {
 		return ErrInvalidMessageAuthenticator
 	}
 	return nil