Applicable to:
- Plesk for Linux
- Plesk for Windows
Symptoms
- When upgrading Plesk, the following warning appears:
  WARNING: There are 2 accounts with passwords encrypted using a deprecated algorithm. Please refer to http://kb.plesk.com/en/112391 for the instructions about how to change the password type to plain.
- The following query shows that there are several accounts with incorrect password encryption:
  # plesk db "SELECT * FROM accounts WHERE type='crypt' AND password not like '$%'"
+------+-------+-------------------------------------------+
| id   | type  | password                                  |
+------+-------+-------------------------------------------+
|  144 | crypt | 57b083012113593c                          |
|  147 | crypt | *C0BF5DBFC80E1C73ED97566021A982BFE2404EDD |
...
Cause
The Plesk pre-upgrade checker cannot parse some passwords that were incorrectly encrypted.
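The query in the Symptoms section flags every `crypt` row whose value does not start with `$`, the prefix of modular crypt strings. The following sketch is an added example, not Plesk code: it labels such values by shape so an administrator can see what kind of legacy strings ended up in the table. The shape labels are heuristics chosen for this example (a `*` followed by 40 hex digits is the shape of a MySQL 4.1+ `PASSWORD()` value, 16 hex digits the shape of the older MySQL hash), and every sample row except 144 and 147 is constructed.

```shell
#!/bin/sh
# Added example, not Plesk code: label accounts.password values by shape.
# The shape names are heuristics chosen for this example.

# is_hex STRING LENGTH: succeeds if STRING is exactly LENGTH hex digits.
is_hex() {
    [ "${#1}" -eq "$2" ] && [ -z "$(printf '%s' "$1" | tr -d '0-9A-Fa-f')" ]
}

# classify_hash VALUE: print one label for a stored password string.
classify_hash() {
    v=$1
    case $v in
        '')   echo empty; return ;;
        '$'*) echo modular-crypt; return ;;  # excluded by NOT LIKE '$%'
        '*'*) if is_hex "${v#?}" 40; then echo mysql41-shape; return; fi ;;
    esac
    if is_hex "$v" 16; then echo mysql-old-shape; return; fi
    # 13 characters from the crypt alphabet: traditional DES crypt shape
    if [ "${#v}" -eq 13 ] && [ -z "$(printf '%s' "$v" | tr -d './0-9A-Za-z')" ]; then
        echo des-crypt-shape; return
    fi
    echo unknown
}

# flagged: read "id password" lines on stdin and print "id label" for each
# row the page's filter would return (value does not start with '$').
flagged() {
    while read -r id pw; do
        label=$(classify_hash "$pw")
        [ "$label" = modular-crypt ] || echo "$id $label"
    done
}

# Rows 144 and 147 are the values shown on this page; the rest are constructed.
sample_rows() {
    cat <<'EOF'
144 57b083012113593c
147 *C0BF5DBFC80E1C73ED97566021A982BFE2404EDD
201 $5$constructedsalt$constructedhashvalue
202 abCONSTRUCTED
203 not-a-hash
EOF
}

sample_rows | flagged
```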
Resolution
- Connect to the server via SSH as root or with a sudo user.
- Get the list of affected objects. Use the following queries to find out the exact type of all affected users via the command line:
  - This database query will show all SMB users that are affected:
    # plesk db "SELECT login, contactName, email FROM smb_users WHERE password NOT LIKE '$%' AND login NOT LIKE 'admin'"
  - This will show mail users:
    # plesk db "SELECT m.mail_name, d.name FROM mail m join domains d on m.dom_id=d.id INNER JOIN (SELECT a.id FROM accounts a WHERE a.type='crypt' AND a.password NOT LIKE '$%') temptable ON temptable.id=m.account_id WHERE temptable.id = m.account_id"
  - This database query will show all clients (admin, customers, resellers) whose passwords have wrong encryption:
    # plesk db "SELECT c.login, c.pname, c.cname, c.email FROM clients c INNER JOIN (SELECT a.id FROM accounts a WHERE a.type='crypt' AND a.password NOT LIKE '$%') temptable ON temptable.id = c.account_id WHERE temptable.id = c.account_id"
  - This database query will show all db_users (database users) that are affected:
    # plesk db "SELECT db.login, d.name FROM domains d, db_users db INNER JOIN (SELECT a.id FROM accounts a WHERE a.type='crypt' AND a.password NOT LIKE '$%') temptable ON temptable.id = db.account_id WHERE d.id=db.dom_id"
  - This database query will show all sys_users (subscription users, FTP users) that are affected:
    # plesk db "SELECT s.login, s.home FROM sys_users s INNER JOIN (SELECT a.id FROM accounts a WHERE a.type='crypt' AND a.password NOT LIKE '$%') temptable ON temptable.id = s.account_id WHERE temptable.id = s.account_id"
  - This database query will show all pd_users (protected directory users) that are affected:
    # plesk db "SELECT pu.login, d.name FROM domains d, protected_dirs pd, pd_users pu INNER JOIN (SELECT a.id FROM accounts a WHERE a.type='crypt' AND a.password NOT LIKE '$%') temptable ON temptable.id = pu.account_id WHERE d.id = pd.dom_id"
- Change the password for affected users using the Plesk UI.
Note: Do not change this value in the Plesk database directly.
Note: Leaving such passwords in place is not recommended, as they may have negative consequences in the future, for example, when using the plesk repair utility.
Comments
Yes, but again the one hand at Plesk does not know what the other hand does! And about this Plesk will have extra support money, why they let not through, that customers who pay for their products can contact the support, when Plesk has made bullshit again!
Plesk uses their clients as "Shit happens"!!! This is absolute horror!
Why this:
The upgrades not installed from many versions why, they have an error about:
And now all customers click on this link and do not get the right information, why they have in between of 1 day this article to another site with URL:
https://support.plesk.com/hc/en-us/articles/115001450829-Plesk-upgrade-warning-There-are-accounts-with-passwords-encrypted-using-a-deprecated-algorithm-
And all customers now have a big problem finding the correct article!
Most vServer customers must pay 30% to 50% more of Plesk prices from November last year on! I can't understand why Plesk will not make their support better!
@Detlef
Thank you for the feedback and pointing it to our attention.
The issue was resolved, now link http://kb.plesk.com/en/112391 leads to the correct article.
The first query shows 5 "deprecated algorithm" passwords, but none of the five following queries identified these (all showed blank results).
I proceeded with the upgrade to Plesk Onyx and all seems to be ok.
Hello @Mike,
Indeed, this warning does not block an upgrade.
However, it is recommended to update passwords for such mail accounts.
Consider creating a support request to investigate the issue deeper.
Hello,
These commands show the infected accounts or DB, but how to solve it? You didn't mention the solution.
Hello jnasser
This article isn't about data being encrypted by malware. By design, Plesk accounts' passwords are stored in encrypted form, but sometimes there might be issues with some of the passwords being encrypted incorrectly.
In case the data on your server was encrypted by malware, it's required to contact one of the companies focused on security to study the case, because there's usually no simple solution.
WARNING: There are 249 accounts with passwords encrypted using a deprecated algorithm. Please refer to https://support.plesk.com/hc/articles/115001450829 for the instructions about how to change the password type to plain.
After migration from a cPanel server, how to solve this issue without manually updating 249 passwords?
Fouad Ahmed Fouad
This article includes instructions for updating passwords via the Plesk database. This is not a manual solution where you have to manually open each account in the Plesk UI and generate a new password for it. The solution of updating passwords in the Plesk database is much faster and easier for a Plesk administrator.
You may ignore this warning, of course, but it may have negative consequences in future, for example, when using the plesk repair utility. That is why we recommend applying a solution from this article.
There is no other solution available.
Hi Yulia,
Thanks for confirming to me!
As a thought, can't I remigrate any file which contains the passwords, as Plesk may recognize it from the original cPanel server which I migrated accounts from to Plesk?
@Fouad Ahmed Fouad,
You may migrate files with passwords. This way, the same file on a target server should be replaced by a migrated one.
Hi Yulia,
I migrated domains using Plesk migration manager, how to migrate the passwords files manually, if you can provide any URL that would be nice.
And as I see, the Plesk team said passwords on cPanel use different encryption than used with Plesk, so many passwords are lost when migrating from cPanel to Plesk. I wish they mentioned these issues in the migration guide, as I read it and I had many issues when I migrated that were not mentioned in Plesk sites or guides, such as SSL certs that were not migrated. Also, when Plesk did the SSL SNI for mail domains, it didn't use the generic mail.example.com scheme but directly used example.com for names on SSL certs for mail, so I had to reconfigure Outlook again for clients who were using different server names with cPanel, and actually I had many other issues! So it was a bad idea to do the migration from cPanel to Plesk. Oh, also phpMyAdmin auto login to databases didn't work either! When I migrated Plesk to Plesk before, I didn't have much trouble like this.
Hello Fouad Ahmed Fouad
Thank you for the feedback; on your side I would feel the same.
> as I see Plesk team said passwords on Cpanel use different encryption than used with Plesk, so many passwords are lost when migrating from Cpanel to Plesk
That's indeed so, and after such a migration, the solution is to reset customers' passwords as described here: How to reset a password of a Plesk user account