phplist

NOTE:: Before reporting an issue, make sure you are running the latest version, currently 3.3.1


View Issue Details Jump to Notes ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0016756phplist applicationInstallationpublic17-03-13 14:1521-03-13 12:21
Reporterduncanc 
PrioritynormalSeveritymajorReproducibilityalways
StatusresolvedResolutionfixed 
PlatformOSOS Version
Product Version2.11.7 
Target VersionFixed in Version2.11.8 
Summary0016756: Password invalid after clean install
DescriptionProblem found in SVN trunk version.

I did a clean install with an empty database.

Entered my email address and password.
The database was initialised successfully then clicked button to continue.
The login page was then displayed but with a page title of Configuration Options.

I entered my email address and password but they were rejected with "invalid password". The default password "phplist" did not work either.

Investigating the code, in initialise.php the entered password is hashed using MD5 regardless of the algorithm in the config file. I think that the MD5 hash value is then being hashed again.
To work around this I had to edit the admin table directly to enter a plain-text password. I was able to login with this password, and the password then seemed to be hashed automatically.

TagsNo tags attached.
Attached Files

- Relationships Relation Graph ] Dependency Graph ]

-  Notes
(0051961)
michiel (manager)
21-03-13 12:21

avoided duplication of password encryption


Copyright © 2000 - 2017 MantisBT Team
Powered by Mantis Bugtracker