• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Resolved Password warning while updating to Obsidian 18.0.21

Denis Gomes Franco

Denis Gomes Franco

Regular Pleskian
Hey, I think I may have found a small bug.

While updating my servers to 18.0.21, one of them showed this message beforehand:

WARNING: There are 6 accounts with passwords encrypted using a deprecated algorithm. Please refer to Plesk upgrade warning: There are accounts with passwords encrypted using a deprecated algorithm for the instructions about how to change the password type to plain.

I followed the instructions in the article and tracked down these objects (database users). I fixed the issue by retrieving the current password from wp-config.php (these are all Wordpress sites) and applying the same password to the users. That did the trick.

Then I noticed... these sites were migrated from Cpanel using the migration tool. So I believe the bug is that the migration routine is recreating the database users from the old server with the same password (so as to not break the website) but using a deprecated algorithm.

So my suggestion is to review the migration code so as to create new database users using the new password algorithm.
 
What you're asking is practically impossible. The password encryption can't be reversed, therefore the clear text passwords can't be easily recreated. And without the clear text passwords, the automated transfer mechanism has no way of encrypting the passwords using a newer algorithm.

Keep in mind that you were able to manually get the clear text passwords only because you had access to the site code and knew where to look. First, the code might not always be available, and second, an automated transfer mechanism can't read passwords as easily as a human can, because they are not always written in the same place or in the same form.

I'd advise anyone migrating the sites from other control panels and dealing with the deprecated algorithms, to deal with it right away. Recreate the passwords or even reset them if needed be, don't wait for it to become an issue later on.
 
In this case, maybe some warning somewhere during the transfer would be nice. Or was it so hidden that I didn't see it.

In any case I'm glad it showed up during the upgrade procedure so it could be dealt right away.
 
You must log in or register to reply here.

Similar threads

K
Resolved How to create a database user with a known password hash
Replies
6
Views
3K
Kaspar
K
M
Issue plesk backup with password not working
Replies
3
Views
815
Peter Debik
P
M
Issue The domain resolves to the incorrect IP address...
Replies
0
Views
738
madpugger
M
Tim_Wakeling
Issue After changing root password and Plesk admin passwords, migration fails
Replies
6
Views
1K
Martin Dias
Martin Dias
M
Issue Migration feedback - a bunch of comments
Replies
14
Views
6K
M_N
M
Back
Top