MD5 hash issue, but only for some users

Found a bug? Tell us!!
Post Reply
stego
Regular
Posts: 13
Joined: Thu Mar 01, 2007 1:22 am
Location: Zürich
Contact:
Contact stego

MD5 hash issue, but only for some users

Post by stego »

Hi all,
I have an issue with serendipity
(2nd time in 5 years, which is a pretty good result, thanks to the developers!):

It's about the error message:
You can no longer login with an old-style MD5 hash to prevent MD5-Hostage abuse. Please ask the Administrator to set you a new password.
which has already been discussed in another topic.

The strange thing with my installation is that everything works fine for me as admin level user (userlevel 255), but one of my co-bloggers (userlevel 0) get's the error message when logging in.

Any ideas?
Of course I tried to set another pw for the user, but still get the same error message. I can change my password without issues and I can login and -out without getting error messages.
Running Serendipity 1.5.5 and PHP 5.2.6

Thanks and best regards,
martin
Top
garvinhicking
Core Developer
Posts: 30022
Joined: Tue Sep 16, 2003 9:45 pm
Location: Cologne, Germany
Contact:
Contact garvinhicking

Re: MD5 hash issue, but only for some users

Post by garvinhicking »

Hi!

Maybe you can ask the specific user to clear his/her cookie in the browser for the blog. It seems she/he has used the "remember me" functionality that stored an authentication cookie with the old hash on the machine, and this is still being used.

If clearing the cookie does not help (which I don't think) please report back, and we can further investigate the issue!

Best regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
Top
stego
Regular
Posts: 13
Joined: Thu Mar 01, 2007 1:22 am
Location: Zürich
Contact:
Contact stego

Re: MD5 hash issue, but only for some users

Post by stego »

Hi Garvin,
thanks for the fast reply!

I tried it on a clean browser (Safari after resetting the browser): no success.
I can change my password and login with the new one without issues.
If I change the password of the user I still get the same error message.

To exclude theoretical causes:
Same behavior on Firefox.
I increased the user level of the user to 255 and reset the password again, no success.
On entering a wrong password for the user I get the same error message.

So long,
martin
Top
garvinhicking
Core Developer
Posts: 30022
Joined: Tue Sep 16, 2003 9:45 pm
Location: Cologne, Germany
Contact:
Contact garvinhicking

Re: MD5 hash issue, but only for some users

Post by garvinhicking »

Hi!

Do you have access to the serendipity_authors DB table? If yes, please check the row of the corresponding user. He should have the "hashtype" column set to "1"? If not, you can try to set it to 1 and then reset his password?

Regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
Top
stego
Regular
Posts: 13
Joined: Thu Mar 01, 2007 1:22 am
Location: Zürich
Contact:
Contact stego

Re: MD5 hash issue, but only for some users

Post by stego »

Yep, setting the hashtype to 1 and resetting the password did the trick!

Thanks a lot,
martin
Top
Post Reply

Return to “Bugs”