[install] User unable to change password after upgrade from 5.2.1 [5.2.2-B1]

In task INP-1122 the password storage was changed from MD5 to BCRYPT. As part of the upgrade process, existing user password hashes (MD5) were hashed again with BCRYPT. As a result, 3 password storage classes exist:

  • MD5 - only if for some reason they're not upgraded into MD5+BCRYPT
  • MD5+BCRYPT - only exists for users that existed prior to the upgrade (will be transformed into BCRYPT upon next login)
  • BCRYPT - new default

The above implementation has a bug: upon a user password change attempt it will:

  • store the password in BCRYPT format
  • report the password as stored in MD5+BCRYPT format

Because of this mismatch, the user won't be able to log in after their password is changed. Even the "Forgot Password" functionality won't help.

Solution

When changing the password for upgraded users (those with MD5+BCRYPT password storage), check, based on the password content, whether it is provided in plain text or in MD5 hash format.
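The sketch below is an added example, not the project's own code. It models the three storage classes, the defect and the content-based check. All function names and the record layout are assumptions, and PBKDF2 from the Python standard library stands in for BCRYPT so that the block runs without extra packages.

```python
import hashlib, hmac, os, re

MD5, MD5_BCRYPT, BCRYPT = "MD5", "MD5+BCRYPT", "BCRYPT"  # the page's three storage classes
MD5_HEX = re.compile(r"[0-9a-f]{32}")                    # what an MD5 hash looks like

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def slow_hash(secret, salt=None):
    # Stand-in for BCRYPT (assumption: PBKDF2-SHA256), stored as "salt$digest".
    salt = salt or os.urandom(16).hex()
    digest = hashlib.pbkdf2_hmac("sha256", secret.encode(), bytes.fromhex(salt), 20_000)
    return f"{salt}${digest.hex()}"

def slow_verify(secret, stored):
    salt = stored.split("$", 1)[0]
    return hmac.compare_digest(slow_hash(secret, salt), stored)

def verify(user, plain):
    """Check a login attempt according to the storage class recorded for the user."""
    if user["class"] == MD5:
        return hmac.compare_digest(md5_hex(plain), user["hash"])
    if user["class"] == MD5_BCRYPT:
        return slow_verify(md5_hex(plain), user["hash"])
    return slow_verify(plain, user["hash"])

def login(user, plain):
    ok = verify(user, plain)
    if ok and user["class"] != BCRYPT:       # legacy classes are transformed on next login
        user.update({"class": BCRYPT, "hash": slow_hash(plain)})
    return ok

def change_password_buggy(user, value):
    # The defect: the hash is BCRYPT of the plain text, the label stays MD5+BCRYPT.
    user["hash"] = slow_hash(value)

def change_password_fixed(user, value):
    # The fix: decide from the content whether value is an MD5 hash or plain text.
    if user["class"] == MD5_BCRYPT and MD5_HEX.fullmatch(value):
        user["hash"] = slow_hash(value)      # MD5 input: the MD5+BCRYPT label is correct
    else:
        user.update({"class": BCRYPT, "hash": slow_hash(value)})

def upgraded_user(plain):
    # Constructed sample record: what the upgrade produces from an old MD5 hash.
    return {"class": MD5_BCRYPT, "hash": slow_hash(md5_hex(plain))}
```

A plain-text password that itself consists of 32 lowercase hex characters is indistinguishable from an MD5 hash under a content-based check, so that input is treated as a hash here.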

Related Tasks

INP-1593