diff -u b/core/modules/user/src/Controller/MailChangeController.php b/core/modules/user/src/Controller/MailChangeController.php
--- b/core/modules/user/src/Controller/MailChangeController.php
+++ b/core/modules/user/src/Controller/MailChangeController.php
@@ -3,7 +3,6 @@
 namespace Drupal\user\Controller;
 
 use Drupal\Component\Datetime\TimeInterface;
-use Drupal\Component\Utility\Crypt;
 use Drupal\Core\Access\AccessResult;
 use Drupal\Core\Controller\ControllerBase;
 use Drupal\Core\Url;
@@ -77,7 +76,7 @@
       $messenger->addError($this->t('You have tried to use an email address change link that has expired. Please visit your account and change your email again.'));
     }
     // The link is valid.
-    elseif ($timestamp <= $request_time && $timestamp >= $user->getLastLoginTime() && Crypt::hashEquals($hash, user_pass_rehash($user, $timestamp, $new_mail))) {
+    elseif ($timestamp <= $request_time && $timestamp >= $user->getLastLoginTime() && hash_equals($hash, user_pass_rehash($user, $timestamp, $new_mail))) {
       // Save the new email but refresh also the last login time so that this
       // mail change link gets expired.
       $user->setEmail($new_mail)->setLastLoginTime($request_time)->save();
diff -u b/core/modules/user/tests/src/Functional/UserMailChangeTest.php b/core/modules/user/tests/src/Functional/UserMailChangeTest.php
--- b/core/modules/user/tests/src/Functional/UserMailChangeTest.php
+++ b/core/modules/user/tests/src/Functional/UserMailChangeTest.php
@@ -35,6 +35,11 @@
   /**
    * {@inheritdoc}
    */
+  protected $defaultTheme = 'stark';
+
+  /**
+   * {@inheritdoc}
+   */
   protected function setUp() {
     parent::setUp();
     // Create a user.