Upgrade warning: There are accounts with passwords encrypted using a deprecated algorithm

Created:

2017-02-22 13:35:07 UTC

Modified:

2017-08-19 00:04:19 UTC

1

Was this article helpful?


Have more questions?

Submit a request

Upgrade warning: There are accounts with passwords encrypted using a deprecated algorithm

Applicable to:

  • Plesk Onyx

Symptoms

When upgrading Plesk, the following warning appears:

CONFIG_TEXT: WARNING: There are 2 accounts with passwords encrypted using a deprecated algorithm. Please refer to https://support.plesk.com/hc/en-us/articles/115000198873 for the instructions about how to change the password type to plain.

The following query displays that there are several accounts with incorrect encryption:

# plesk db "SELECT * FROM accounts WHERE type='crypt' AND password not like '$%'"
+------+-------+-------------------------------------------+
| id  | type  | password                                  |
+------+-------+-------------------------------------------+
|  144 | crypt | 57b083012113593c                          |
|  147 | crypt | *C0BF5DBFC80E1C73ED97566021A982BFE2404EDD |
...

Cause

Plesk pre-upgrade checker cannot parse some passwords that were incorrectly encrypted.

Resolution

1. Login to the server via SSH/RDP.

2. Get the list of affected objects. Use the following queries to find out the exact type of all affected users via command line:

This database query will show all users that are affected (that will include all mail users):

# plesk db "SELECT login, contactName, email  FROM smb_users WHERE password NOT LIKE '$%'"

This database query will show all clients (admin, customers, resellers) whose passwords have wrong encryption:

# plesk db "SELECT clients.login, clients.pname, clients.cname, clients.email FROM clients INNER JOIN (SELECT accounts.id FROM accounts WHERE accounts.type='crypt' AND accounts.password NOT LIKE '$%') temptable ON temptable.id = clients.account_id WHERE temptable.id = clients.account_id"

This database query will show all db_users (database users) that are affected:

# plesk db "SELECT db_users.login, domains.name FROM domains, db_users INNER JOIN (SELECT accounts.id FROM accounts WHERE accounts.type='crypt' AND accounts.password NOT LIKE '$%') temptable  ON temptable.id = db_users.account_id WHERE domains.id=db_users.dom_id"

This database query will show all sys_users (subscription users, FTP users) that are affected:

# plesk db "SELECT sys_users.login, sys_users.home FROM sys_users INNER JOIN (SELECT accounts.id FROM accounts WHERE accounts.type='crypt' AND accounts.password NOT LIKE '$%') temptable  ON temptable.id = sys_users.account_id WHERE temptable.id = sys_users.account_id"

This database query will show all pd_users (protected directory users) that are affected:

# plesk db "SELECT pd_users.login, domains.name FROM domains, protected_dirs, pd_users INNER JOIN (SELECT accounts.id FROM accounts WHERE accounts.type='crypt' AND accounts.password NOT LIKE '$%') temptable ON temptable.id = pd_users.account_id WHERE domains.id = protected_dirs.dom_id"

3. Change the password for affected users using Plesk UI. Do not change this value in database directly.

Have more questions? Submit a request
Please sign in to leave a comment.