From 8b71a92219bd9e477eaa13536ff298a989858dcd Mon Sep 17 00:00:00 2001
From: Alexander Graf <ghostwheel42@users.noreply.github.com>
Date: Sat, 3 Jul 2021 22:32:47 +0200
Subject: [PATCH] use fixed msg for key derivation

---
 core/admin/mailu/utils.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/core/admin/mailu/utils.py b/core/admin/mailu/utils.py
index c7e1f73c..02150754 100644
--- a/core/admin/mailu/utils.py
+++ b/core/admin/mailu/utils.py
@@ -280,7 +280,7 @@ class MailuSessionConfig:
 
         key = want_bytes(app.secret_key)
 
-        self._hmac    = hmac.new(hmac.digest(key, key, digest='sha256'), digestmod='sha256')
+        self._hmac    = hmac.new(hmac.digest(key, b'SESSION_UID_HASH', digest='sha256'), digestmod='sha256')
         self._uid_len = uid_bytes
         self._uid_b64 = len(self._encode(bytes(uid_bytes)))
         self._sid_len = sid_bytes