Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-74594

Password not recognized for users with BCRYPT iterations 04

    XMLWordPrintable

Details

    • Bug
    • Status: Open
    • Minor
    • Resolution: Unresolved
    • 3.9.13
    • None
    • Authentication
    • None
    • MOODLE_39_STABLE

    Description

      Hi everyone!

      We are using Moodle 3.9+ with Classic theme and this week we are facing with an issue during the users’ login.

      In particular, some users are not anymore able to login even if the credentials (username and password) are valid.

       

      We are analyzing the problem and it seems that the problem is due to the hash algorithm used for storing the passwords.

      Following the use cases:

      Users imported in CLI with autoupload function which sets fasthash (iterations=04) 

      1. The majority of users had already changed the password as it is set to force-change at the first login, but since March 25th the users cannot login anymore and they have to require Forgot password. Then the new password will have 10 iterations and authentication works.
      2. Many users appear to have already the hash algorithm for the stored password $2y$10, and they correctly log in. We don't know if by means of Forgot password but until now we've never had alerts from users having this issue.
      3. New users tested now appear to have the 10 iterations hash after forced-password change and they are able to correctly log in.

      Users created manually have always had 10 iterations hashed passwords.

      We did not change anything in the system, no upgrade of Moodle or PHP, no config.php modified.

      We see that PHP uses PASSWORD_DEFAULT parameter and sometimes with an option of iterations, like in autoupload bulk routine. 

      We were wondering what could be the change related to the authentication that had caused the 04 authentication to stop working.

      How can we solve this problem without asking all users to require Forgot password?

       

      Thank you for your help!

      Attachments

        Activity

          People

            Unassigned Unassigned
            aidagp Aida GP
            Jake Dallimore, Mathew May, Mihail Geshoski
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated: