MODX
EA-EKB, 2018-07-25 19:45:00

After updating Modx from version 2.6.1 to 2.6.5, it does not let me into the admin panel (wrong login / password). What is the problem?

Good day!
Has anyone faced such a situation? We deploy MODX, for example version 2.6.1, on the test site. We log in to the admin panel, install simpleUpdater, update MODX to 2.6.5, and after the update we can't enter the admin panel... You see, the login / password is incorrect (although they are 100% correct). Printing, in the passwordMatches method of the /core/model/modx/moduser.class.php file, the password hashes obtained from the form and from the database, we get the following:

rARuzHgmXMaW2nYDYiSd31XN26wVfPY3Bvh1W6ROmHY=
rARuzHgmXMaW2nYDYiSd31XN26wVfPY3Bvh1W6ROmHZAipY5hQ==
The 1st line is the hash of the password received from the form, the 2nd line is from the database.
Please suggest why the hash might be formed incorrectly? The salt is correct. Moreover, after resetting the password through "forgot password", it logs in normally, but as soon as the password is changed through the admin panel, the same crap happens again.
In /core/model/modx/hashing/modpbkdf2.class.php the $hashLength variable (line 39) is equal to 32 (as soon as I changed it to 32, it worked).
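
Added example, not part of the original post and not MODX code: a diagnostic that decodes the two values quoted in the question and tells a derived-key length mismatch apart from a genuinely different key. The function names `diagnose` and `derive`, the use of PBKDF2-HMAC-SHA256 with 1000 iterations, and the demo password and salt are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

# The two values quoted in the question (form-side hash, then database hash).
FORM_HASH = "rARuzHgmXMaW2nYDYiSd31XN26wVfPY3Bvh1W6ROmHY="
DB_HASH = "rARuzHgmXMaW2nYDYiSd31XN26wVfPY3Bvh1W6ROmHZAipY5hQ=="


def diagnose(computed_b64, stored_b64):
    """Classify a PBKDF2 mismatch by comparing raw bytes, not base64 text."""
    computed = base64.b64decode(computed_b64, validate=True)
    stored = base64.b64decode(stored_b64, validate=True)
    if hmac.compare_digest(computed, stored):
        verdict = "match"
    elif len(computed) != len(stored) and (
        stored.startswith(computed) or computed.startswith(stored)
    ):
        # Same password, salt and iterations; only the requested length differs.
        verdict = "length-mismatch"
    else:
        verdict = "different-key"
    return verdict, len(computed), len(stored)


def derive(password, salt, dklen, iterations=1000):
    """PBKDF2-HMAC-SHA256; algorithm and iteration count are assumptions."""
    raw = hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen)
    return base64.b64encode(raw).decode("ascii")


if __name__ == "__main__":
    print(diagnose(FORM_HASH, DB_HASH))
    # Constructed password and salt: truncation alone reproduces the symptom.
    short = derive(b"constructed-password", b"constructed-salt", 32)
    long_ = derive(b"constructed-password", b"constructed-salt", 37)
    print(diagnose(short, long_))
    print(diagnose(short, derive(b"other-password", b"constructed-salt", 32)))
```

The base64 strings diverge at the last characters of the shorter one (`Y=` versus `ZA`) only because of padding; the decoded bytes of the shorter value are an exact prefix of the longer one.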

2 answer(s)
Sanes, 2018-07-25
@Sanes

You are stuck. Contacts in profile. Everyone is different. In any case, prepare backups.

Anton Tarasov, 2018-07-26
@an-tar

The last seven days have been crazy, hundreds of sites around the world have been attacked, critical vulnerabilities have been discovered in MODX, and the community has released several updates.
More details below:
https://modx.pro/security/15912
modx.today/posts/2018/07/critical-security-vulnera...
What to do: first of all, you need a backup, and it is better if it is older than the 19th, when the first attacks were detected. Roll back to it and check that you are still not infected; Ai-Bolit will do, or even a manual search if you know where to look, the list of places where rubbish is written is final) Next, upgrade to the latest version of MODX, 2.6.5. If there is a Gallery, then by all means update it to 1.7.1 (due to the vulnerability found in the phpthumb connector). It would be nice to update other components as well, and in rare cases it is necessary to close individual directories from the outside.
