src/Security/Hasher/PasswordEncoder.php

@@ -47,8 +47,8 @@ class PasswordEncoder implements LegacyPasswordHasherInterface
         $completedPassword = $this->getPasswordToHash($plainPassword, $salt);
 
         foreach ($this->hashAlgoLegacy as $algo) {
-            if ('ssha' === $algo) {
-                return $this->compareSsha($hashedPassword, $completedPassword);
+            if ('ssha' === $algo && $this->compareSsha($hashedPassword, $completedPassword)) {
+                return true;
             }
             if ($this->isObsoleteAlgo($algo)) {
                 if (hash_equals(hash($algo, $completedPassword), $hashedPassword)) {