commit 76881580cd9c30681aa65b228e0757c0515bbaa5
Author: Platonides <platonides@gmail.com>
Date:   Fri Apr 13 22:37:33 2012 +0200

    (bug 35961) If your salted password end up being completely numeric when
    represented in hexadecimal (less than 1 password per 10 millions),
    it is also possible to login by providing another password that only
    matches the first 9 bytes (instead of the full 16 ones) if it turns out
    to also be completely numeric with your assigned salt (which is completely unknown).
    The odds of finding an equivalent password with such characteristics, over a double md5
    with an unknown salt, are really low. Even if the attacker broke into the servers and
    robbed the salts, making use of this property would require a preimage attack of a partial
    md5 (2^18) with the output of another md5 hash, for which a full preimage would still be
    needed. Breaking the hashes using conventional attacks would be easier, so this is not
    a critical update.
    
    Change-Id: I8d1153fb91ca6507bd1df91e9953561f74f12ef6

diff --git a/includes/User.php b/includes/User.php
index af923ff..d3332fd 100644
--- a/includes/User.php
+++ b/includes/User.php
@@ -3924,7 +3924,7 @@ class User {
 		} elseif ( $type == ':B:' ) {
 			# Salted
 			list( $salt, $realHash ) = explode( ':', substr( $hash, 3 ), 2 );
-			return md5( $salt.'-'.md5( $password ) ) == $realHash;
+			return md5( $salt.'-'.md5( $password ) ) === $realHash;
 		} else {
 			# Old-style
 			return self::oldCrypt( $password, $userId ) === $hash;