Articles in this section

Plesk upgrade shows warning: There are accounts with passwords encrypted using a deprecated algorithm

Renan Poss Moreira
Updated
Plesk for Windows DoNotDelete:docref Plesk for Linux kb: technical ABT: Group B

Applicable to:

  • Plesk for Linux
  • Plesk for Windows

Symptoms

  • When upgrading Plesk, the following warning appears:

    CONFIG_TEXT: WARNING: There are 2 accounts with passwords encrypted using a deprecated algorithm. Please refer to http://kb.plesk.com/en/112391 for the instructions about how to change the password type to plain.

  • The following query shows that there are several accounts with incorrect password encryption:

    # plesk db "SELECT * FROM accounts WHERE type='crypt' AND password not like '$%'"
    +------+-------+-------------------------------------------+
    | id | type | password |
    +------+-------+-------------------------------------------+
    | 144 | crypt | 57b083012113593c |
    | 147 | crypt | *C0BF5DBFC80E1C73ED97566021A982BFE2404EDD |
    ...

Cause

Plesk pre-upgrade checker cannot parse some passwords that were incorrectly encrypted.

Resolution

  1. Connect to the server via SSH as root or with a sudo user;

  2. Get the list of affected objects. Use the following queries to find out the exact type of all affected users via command line:

    • This database query will show all SMB users that are affected:

      # plesk db "SELECT login, contactName, email FROM smb_users WHERE password NOT LIKE '$%' AND login NOT LIKE 'admin'"

    • This will show mail users:

      # plesk db "SELECT m.mail_name, d.name FROM mail m join domains d on m.dom_id=d.id INNER JOIN (SELECT a.id FROM accounts a WHERE a.type='crypt' AND a.password NOT LIKE '$%') temptable ON temptable.id=m.account_id WHERE temptable.id = m.account_id"

    • This database query will show all clients (admin, customers, resellers) whose passwords have wrong encryption:

      # plesk db "SELECT c.login, c.pname, c.cname, c.email FROM clients c INNER JOIN (SELECT a.id FROM accounts a WHERE a.type='crypt' AND a.password NOT LIKE '$%') temptable ON temptable.id = c.account_id WHERE temptable.id = c.account_id"

    • This database query will show all db_users (database users) that are affected:

      # plesk db "SELECT db.login, d.name FROM domains d, db_users db INNER JOIN (SELECT a.id FROM accounts a WHERE a.type='crypt' AND a.password NOT LIKE '$%') temptable ON temptable.id = db.account_id WHERE d.id=db.dom_id"

    • This database query will show all sys_users (subscription users, FTP users) that are affected:

      # plesk db "SELECT s.login, s.home FROM sys_users s INNER JOIN (SELECT a.id FROM accounts a WHERE a.type='crypt' AND a.password NOT LIKE '$%') temptable ON temptable.id = s.account_id WHERE temptable.id = s.account_id"

    • This database query will show all pd_users (protected directory users) that are affected:

      # plesk db "SELECT pu.login, d.name FROM domains d, protected_dirs pd, pd_users pu INNER JOIN (SELECT a.id FROM accounts a WHERE a.type='crypt' AND a.password NOT LIKE '$%') temptable ON temptable.id = pu.account_id WHERE d.id = pd.dom_id"

  3. Change the password for affected users using Plesk UI.

    Note: Do not change this value in the Plesk database directly.

    Note: Leaving such passwords is not suggested as they may have negative consequences in future, for example, when using the plesk repair utility.

Was this article helpful?

Comments

0 comments

Please sign in to leave a comment.