We use the Extranet module and use reset password by sending email with link to reset-password-site. When I use this my password is NOT encryptet and is visible in clear text in DW (AccessUserPassword). Password encryption is activated and if I change it in DW it's correct encrypted. Is it a known bug in 9.8.11 ?
Reset password encryption
No, it is not a known bug. Maybe it has been fixed at some point. Are you sure you enabled encrypt password for both backend and frontend users?
This is the configuration about encryption. Is this correct ?
If i change password on a user with no password, the password will be in clear text. If i create a user from backend (with encryption) and change the password in frontend the password will be encrypted again. Can you explain why ? It it stored on a user that the password has to be encrypted ?
Hard to tell. I cannot reproduce it on later versions. At some point it worked in the way that if the user did not have an encrypted password, changing it would keep it like that. That has later been changed, so that could be it. So you either have to encrypt all passwords (and ensure one is available first) or do an upgrade.
You must be logged in to post in the forum