Serendipity Forums

User and developer community
https://board.s9y.org/

MD5 hash issue, but only for some users

https://board.s9y.org/viewtopic.php?t=17286

Page 1 of 1

MD5 hash issue, but only for some users

Posted: Wed Jan 05, 2011 8:56 pm
by stego
Hi all,
I have an issue with serendipity
(2nd time in 5 years, which is a pretty good result, thanks to the developers!):

It's about the error message:
You can no longer login with an old-style MD5 hash to prevent MD5-Hostage abuse. Please ask the Administrator to set you a new password.
which has already been discussed in another topic.

The strange thing with my installation is that everything works fine for me as admin level user (userlevel 255), but one of my co-bloggers (userlevel 0) get's the error message when logging in.

Any ideas?
Of course I tried to set another pw for the user, but still get the same error message. I can change my password without issues and I can login and -out without getting error messages.
Running Serendipity 1.5.5 and PHP 5.2.6

Thanks and best regards,
martin

Re: MD5 hash issue, but only for some users

Posted: Thu Jan 06, 2011 1:12 am
by garvinhicking
Hi!

Maybe you can ask the specific user to clear his/her cookie in the browser for the blog. It seems she/he has used the "remember me" functionality that stored an authentication cookie with the old hash on the machine, and this is still being used.

If clearing the cookie does not help (which I don't think) please report back, and we can further investigate the issue!

Best regards,
Garvin

Re: MD5 hash issue, but only for some users

Posted: Thu Jan 06, 2011 8:18 pm
by stego
Hi Garvin,
thanks for the fast reply!

I tried it on a clean browser (Safari after resetting the browser): no success.
I can change my password and login with the new one without issues.
If I change the password of the user I still get the same error message.

To exclude theoretical causes:
Same behavior on Firefox.
I increased the user level of the user to 255 and reset the password again, no success.
On entering a wrong password for the user I get the same error message.

So long,
martin

Re: MD5 hash issue, but only for some users

Posted: Fri Jan 07, 2011 11:17 am
by garvinhicking
Hi!

Do you have access to the serendipity_authors DB table? If yes, please check the row of the corresponding user. He should have the "hashtype" column set to "1"? If not, you can try to set it to 1 and then reset his password?

Regards,
Garvin

Re: MD5 hash issue, but only for some users

Posted: Fri Jan 07, 2011 10:33 pm
by stego
Yep, setting the hashtype to 1 and resetting the password did the trick!

Thanks a lot,
martin
All times are UTC+02:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited