Index: branches/5.3.x/core/kernel/utility/cookie_hasher.php
===================================================================
diff -u -N -r15650 -r15651
--- branches/5.3.x/core/kernel/utility/cookie_hasher.php	(.../cookie_hasher.php)	(revision 15650)
+++ branches/5.3.x/core/kernel/utility/cookie_hasher.php	(.../cookie_hasher.php)	(revision 15651)
@@ -140,11 +140,12 @@
 $secret = $this->_config['secret'];
 $mode = $this->_config['mode'];
 
-$vectorSize = strlen(base64_encode(str_repeat(' ', static::_vectorSize($cipher, $mode))));
-$vector = $this->_safeBase64Decode(substr($encrypted_value, -$vectorSize));
-$data = $this->_safeBase64Decode(substr($encrypted_value, 0, -$vectorSize));
+$vector_size = static::_vectorSize($cipher, $mode);
+$base64_vector_size = strlen(base64_encode(str_repeat(' ', $vector_size)));
+$vector = $this->_safeBase64Decode(substr($encrypted_value, -$base64_vector_size));
+$data = $this->_safeBase64Decode(substr($encrypted_value, 0, -$base64_vector_size));
 
-if ( $vector === false || $data === false ) {
+if ( $vector === false || $data === false || strlen($vector) != $vector_size ) {
 // non-encrypted or malformed cookie value given
 return '';
 }
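Review bot: The new guard on the `if` line validates the IV length but still lets an empty payload through: when `$encrypted_value` is no longer than `$base64_vector_size`, `substr($encrypted_value, 0, -$base64_vector_size)` yields `''`, and unless `_safeBase64Decode('')` returns false (its body is not in this hunk) `$data` is an empty string that passes the check and continues into the rest of the method. Suggest extending the condition to `if ( $vector === false || $data === false || $data === '' || strlen($vector) !== $vector_size ) {`, using strict comparison since both operands are ints. The enclosing method starts before and continues past the hunk, so whether the decoded payload is integrity-checked downstream cannot be judged from this view; if it is not, an IV length check alone does not distinguish a well-formed cookie from a tampered one, and that should be confirmed before treating this change as the malformed-cookie fix.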