diff --git a/typo3/sysext/core/Classes/Crypto/PasswordHashing/BlowfishPasswordHash.php b/typo3/sysext/core/Classes/Crypto/PasswordHashing/BlowfishPasswordHash.php
index fa99aca09e7fa79ea5e95bf5c42e4bb5393f0125..decb5e30ccb39961edd1e6622d524b25279919f0 100644
--- a/typo3/sysext/core/Classes/Crypto/PasswordHashing/BlowfishPasswordHash.php
+++ b/typo3/sysext/core/Classes/Crypto/PasswordHashing/BlowfishPasswordHash.php
@@ -215,7 +215,7 @@ class BlowfishPasswordHash implements PasswordHashInterface
             if (!strncmp('$', $salt, 1)) {
                 if (!strncmp(self::PREFIX, $salt, strlen(self::PREFIX))) {
                     $isValid = true;
-                    $salt = substr($salt, strrpos($salt, '$') + 1);
+                    $salt = substr($salt, (int)strrpos($salt, '$') + 1);
                 } else {
                     $skip = true;
                 }
diff --git a/typo3/sysext/core/Classes/Crypto/PasswordHashing/Pbkdf2PasswordHash.php b/typo3/sysext/core/Classes/Crypto/PasswordHashing/Pbkdf2PasswordHash.php
index 8314870177d6f86802045f688e15000c99e7f344..6da8345dc0a9a652fe575dedcc6b5350aab685b2 100644
--- a/typo3/sysext/core/Classes/Crypto/PasswordHashing/Pbkdf2PasswordHash.php
+++ b/typo3/sysext/core/Classes/Crypto/PasswordHashing/Pbkdf2PasswordHash.php
@@ -68,7 +68,7 @@ class Pbkdf2PasswordHash implements PasswordHashInterface
      */
     public function checkPassword(string $plainPW, string $saltedHashPW): bool
     {
-        return $this->isValidSalt($saltedHashPW) && hash_equals($this->getHashedPasswordInternal($plainPW, $saltedHashPW), $saltedHashPW);
+        return $this->isValidSalt($saltedHashPW) && hash_equals((string)$this->getHashedPasswordInternal($plainPW, $saltedHashPW), $saltedHashPW);
     }
 
     /**
@@ -237,7 +237,7 @@ class Pbkdf2PasswordHash implements PasswordHashInterface
             if (!strncmp('$', $salt, 1)) {
                 if (!strncmp(self::PREFIX, $salt, strlen(self::PREFIX))) {
                     $isValid = true;
-                    $salt = substr($salt, strrpos($salt, '$') + 1);
+                    $salt = substr($salt, (int)strrpos($salt, '$') + 1);
                 } else {
                     $skip = true;
                 }
diff --git a/typo3/sysext/core/Classes/Crypto/PasswordHashing/PhpassPasswordHash.php b/typo3/sysext/core/Classes/Crypto/PasswordHashing/PhpassPasswordHash.php
index 64365862d1e4a8f57bdfdd82b2777325bc4a32ce..c25c9e2107755a9d12e786a52543d96ae1886ebc 100644
--- a/typo3/sysext/core/Classes/Crypto/PasswordHashing/PhpassPasswordHash.php
+++ b/typo3/sysext/core/Classes/Crypto/PasswordHashing/PhpassPasswordHash.php
@@ -252,7 +252,7 @@ class PhpassPasswordHash implements PasswordHashInterface
             if (!strncmp('$', $salt, 1)) {
                 if (!strncmp(self::PREFIX, $salt, strlen(self::PREFIX))) {
                     $isValid = true;
-                    $salt = substr($salt, strrpos($salt, '$') + 2);
+                    $salt = substr($salt, (int)strrpos($salt, '$') + 2);
                 } else {
                     $skip = true;
                 }