Forum management
- Threads started by me
- Threads I participate in

Developer forum

Reset password encryption

Jesper Splidsboel

Posted on 04/05/2022 16:36:10

We use the Extranet module and use reset password by sending email with link to reset-password-site. When I use this my password is NOT encryptet and is visible in clear text in DW (AccessUserPassword). Password encryption is activated and if I change it in DW it's correct encrypted. Is it a known bug in 9.8.11 ?

Replies

Nicolai Pedersen

Posted on 05/05/2022 08:00:46

Hi Jesper

No, it is not a known bug. Maybe it has been fixed at some point. Are you sure you enabled encrypt password for both backend and frontend users?

BR Nicolai

Jesper Splidsboel

Posted on 05/05/2022 09:10:32

This is the configuration about encryption. Is this correct ?

Jesper Splidsboel

Posted on 05/05/2022 09:22:36

If i change password on a user with no password, the password will be in clear text. If i create a user from backend (with encryption) and change the password in frontend the password will be encrypted again. Can you explain why ? It it stored on a user that the password has to be encrypted ?

Nicolai Pedersen

Posted on 05/05/2022 13:16:32

Hard to tell. I cannot reproduce it on later versions. At some point it worked in the way that if the user did not have an encrypted password, changing it would keep it like that. That has later been changed, so that could be it. So you either have to encrypt all passwords (and ensure one is available first) or do an upgrade.

BR Nicolai

You must be logged in to post in the forum