Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > General

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 19th February 2010, 00:43
Djamu Djamu is offline
Member
 
Join Date: Sep 2007
Posts: 51
Thanks: 2
Thanked 12 Times in 7 Posts
Default ispconfig-3 all user passwords changed: including admin

Today I found out that I as unable to login with both the admin and my regular user account onto an ispconfig-3 installation

I use a password manager ( keepass ) so it's definitely not a case of forgotten password ( 20 character random pass ), I was able to reset it but I still wonder how this is possible....
I checked some logs, but couldn't find anything suspicious
The only thing that changed where a couple of system updates.

Last time I logged in > I tried to add a CP user ( which didn't work as expected, and was removed > I thought I could use it to add an SSH user )

So, what's was going on 1.Ispconfig bug ? 2.package bug? 3.SQL inject ?

It's ( hopefully ) not a critical issue, I'm just curious
Thanks
__________________
Windows, the only virus you pay for
Reply With Quote
Sponsored Links
  #2  
Old 19th February 2010, 09:48
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,717
Thanks: 820
Thanked 5,322 Times in 4,175 Posts
Default

Unlikely that its a ispconfig bug as this would have been discovered already before. Possible that its a problem with a mysql system update. To me it looks more as if the mysql password for ispconfig is wrong as this will cause a login error too when ispconfig is not able to validate the user in the mysql db. Please check that you are able to login to mysql with the username and password in /usr/local/ispconfig/interface/lib/config.inc.php
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 19th February 2010, 14:56
Djamu Djamu is offline
Member
 
Join Date: Sep 2007
Posts: 51
Thanks: 2
Thanked 12 Times in 7 Posts
Default

Thanks Till for the followup...
I am able to login using the credentials in /usr/local/ispconfig/interface/lib/config.inc.php ( file didn't change ), so I quess that means I can rule out a mysql update problem ( besides that it would be very unlikely that it would only affect 2 users on 1 database )...

sql inject is unlikely too ( or not ? ).

In the past I did notice that the password strength bar behaves erratically when pasting large passwords in there ( +20 characters ).
Is there any known maximum password length ? Because in that case it might indeed be a bug.

While where at the topic, is there a way to add a chrooted ssh user from within the CP ? ( I'd like to give some users ssh access to their ftp root ) and jailkit doesn't seem to work -users are able to escape their jail- ...

Thanks for your time

Jan
__________________
Windows, the only virus you pay for

Last edited by Djamu; 19th February 2010 at 15:29. Reason: spel
Reply With Quote
  #4  
Old 19th February 2010, 15:16
Djamu Djamu is offline
Member
 
Join Date: Sep 2007
Posts: 51
Thanks: 2
Thanked 12 Times in 7 Posts
Default

-deleted double post -
__________________
Windows, the only virus you pay for

Last edited by Djamu; 19th February 2010 at 15:29. Reason: double post
Reply With Quote
  #5  
Old 20th February 2010, 11:10
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,717
Thanks: 820
Thanked 5,322 Times in 4,175 Posts
Default

Ok. If I read your post correctly, then you changed the passwords of these two users and you were not able to login with the new passwords the next time. This does not mean that the passwords have ben changed by aything malicious, there was just a encoding problem that accured on some system with special characters in passwords, this has been fixed already and will be released with ispconfig 3.0.2.

To reset the password, login to mysql and change it in the sys_user table. You can use md5 as encryption method.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #6  
Old 20th February 2010, 12:40
Djamu Djamu is offline
Member
 
Join Date: Sep 2007
Posts: 51
Thanks: 2
Thanked 12 Times in 7 Posts
 
Default

No, I did not change any passwords from the existing users, and no special characters either. -I was just wondering if it was related to too long passwords-

I was already able to fix to issue as mentioned in my first post, and I am still trying to figure out what caused this weird issue.

Maybe someone can point me to a specific log entry for the CP password changes ?
__________________
Windows, the only virus you pay for

Last edited by Djamu; 20th February 2010 at 12:44. Reason: spel
Reply With Quote
Reply

Bookmarks

Tags
ispconfig pass changed

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
ISPConfig 3.0.0.5 Beta Released till General 77 23rd July 2008 12:14
Ruby / FastCGI Problem Chad Server Operation 1 8th March 2008 20:38
ISPConfig 2.2.20 released till General 31 13th February 2008 16:17
User changed password doesn't work confighelp Installation/Configuration 1 14th November 2007 10:18
log files cruz Technical 3 15th May 2007 14:35


All times are GMT +2. The time now is 17:50.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.