diff --git a/lib/Controller/UserController.php b/lib/Controller/UserController.php
index e6bef59985dfcf5a86f4a1ec7c4f3f6df5047bf2..dd87f13eea12cfec94bf54d9edf99cbce46637c7 100644
--- a/lib/Controller/UserController.php
+++ b/lib/Controller/UserController.php
@@ -136,6 +136,6 @@ class UserController extends ApiController {
 
 	private function checkAppCredentials(string $token): bool {
 		$ecloud_accounts_secret = $this->userService->getConfigValue('secret');
-		return strcmp($token, $ecloud_accounts_secret) === 0;
+		return hash_equals($ecloud_accounts_secret, $token);
 	}
 }