Plesk upgrade shows warning: There are accounts with passwords encrypted using a deprecated algorithm

Dmitry Bystrov

10 months ago

Symptoms

When upgrading Plesk, the following warning appears:

WARNING: There are 2 accounts with passwords encrypted using a deprecated algorithm. Please refer to http://kb.plesk.com/en/112391 for the instructions about how to change the password type to plain.
The following query shows that there are several accounts with incorrect password encryption:

# plesk db "SELECT * FROM accounts WHERE type='crypt' AND password not like '$%'"
+------+-------+-------------------------------------------+
| id | type | password |
+------+-------+-------------------------------------------+
| 144 | crypt | 57b083012113593c |
| 147 | crypt | *C0BF5DBFC80E1C73ED97566021A982BFE2404EDD |
...

Cause

Plesk pre-upgrade checker cannot parse some passwords that were incorrectly encrypted.

Resolution

Connect to the server via SSH as root or with a sudo user;
Get the list of affected objects. Use the following queries to find out the exact type of all affected users via command line:
- This database query will show all SMB users that are affected:
  
  # plesk db "SELECT login, contactName, email FROM smb_users WHERE password NOT LIKE '$%' AND login NOT LIKE 'admin'"
- This will show mail users:
  
  # plesk db "SELECT m.mail_name, d.name FROM mail m join domains d on m.dom_id=d.id INNER JOIN (SELECT a.id FROM accounts a WHERE a.type='crypt' AND a.password NOT LIKE '$%') temptable ON temptable.id=m.account_id WHERE temptable.id = m.account_id"
- This database query will show all clients (admin, customers, resellers) whose passwords have wrong encryption:
  
  # plesk db "SELECT c.login, c.pname, c.cname, c.email FROM clients c INNER JOIN (SELECT a.id FROM accounts a WHERE a.type='crypt' AND a.password NOT LIKE '$%') temptable ON temptable.id = c.account_id WHERE temptable.id = c.account_id"
- This database query will show all db_users (database users) that are affected:
  
  # plesk db "SELECT db.login, d.name FROM domains d, db_users db INNER JOIN (SELECT a.id FROM accounts a WHERE a.type='crypt' AND a.password NOT LIKE '$%') temptable ON temptable.id = db.account_id WHERE d.id=db.dom_id"
- This database query will show all sys_users (subscription users, FTP users) that are affected:
  
  # plesk db "SELECT s.login, s.home FROM sys_users s INNER JOIN (SELECT a.id FROM accounts a WHERE a.type='crypt' AND a.password NOT LIKE '$%') temptable ON temptable.id = s.account_id WHERE temptable.id = s.account_id"
- This database query will show all pd_users (protected directory users) that are affected:
  
  # plesk db "SELECT pu.login, d.name FROM domains d, protected_dirs pd, pd_users pu INNER JOIN (SELECT a.id FROM accounts a WHERE a.type='crypt' AND a.password NOT LIKE '$%') temptable ON temptable.id = pu.account_id WHERE d.id = pd.dom_id"
Change the password for affected users using Plesk UI.

Note: Do not change this value in the Plesk database directly.

Note: Leaving such passwords is not suggested as they may have negative consequences in future, for example…

0 Shares