
Resolved Password warning while updating to Obsidian 18.0.21

Denis Gomes Franco

Regular Pleskian
Hey, I think I may have found a small bug.

While updating my servers to 18.0.21, one of them showed this message beforehand:

WARNING: There are 6 accounts with passwords encrypted using a deprecated algorithm. Please refer to Plesk upgrade warning: There are accounts with passwords encrypted using a deprecated algorithm for the instructions about how to change the password type to plain.

I followed the instructions in the article and tracked down these objects (database users). I fixed the issue by retrieving the current password from wp-config.php (these are all WordPress sites) and applying the same password to the users. That did the trick.

Then I noticed... these sites were migrated from cPanel using the migration tool. So I believe the bug is that the migration routine is recreating the database users from the old server with the same password (so as to not break the website) but using a deprecated algorithm.

So my suggestion is to review the migration code so as to create new database users using the new password algorithm.
 
What you're asking is practically impossible. The password encryption can't be reversed, therefore the clear text passwords can't be easily recreated. And without the clear text passwords, the automated transfer mechanism has no way of encrypting the passwords using a newer algorithm.

Keep in mind that you were able to manually get the clear text passwords only because you had access to the site code and knew where to look. First, the code might not always be available, and second, an automated transfer mechanism can't read passwords as easily as a human can, because they are not always written in the same place or in the same form.

I'd advise anyone migrating sites from other control panels and dealing with the deprecated algorithms to deal with it right away. Recreate the passwords or even reset them if need be; don't wait for it to become an issue later on.
 
In this case, maybe some warning somewhere during the transfer would be nice. Or was it so hidden that I didn't see it?

In any case I'm glad it showed up during the upgrade procedure so it could be dealt with right away.
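
The manual step from the first post (reading the database credentials out of wp-config.php) and the reply's point that this is hard to automate, shown as an added example that is not part of the thread or of Plesk's migration tool. The parser accepts only literal string values and flags everything else for manual review; `read_db_credentials` is a hypothetical helper and both sample files are constructed.

```python
import re

WANTED = ("DB_NAME", "DB_USER", "DB_PASSWORD")
# define('NAME', 'value') or define("NAME", "value") where the value is a string literal.
DEFINE_RE = re.compile(
    r"""define\(\s*(['"])(DB_NAME|DB_USER|DB_PASSWORD)\1\s*,\s*(['"])((?:\\.|(?!\3)[^\\])*)\3\s*\)""",
    re.S,
)

def read_db_credentials(php_source):
    """Return ({constant: value}, [constants that need manual review])."""
    # Drop block comments and whole-line comments so commented-out defines are ignored.
    # Limitation: a password containing "/* ... */" would be damaged by the first pass.
    src = re.sub(r"/\*.*?\*/", "", php_source, flags=re.S)
    src = re.sub(r"(?m)^\s*(?://|#).*$", "", src)
    found, unresolved = {}, []
    for m in DEFINE_RE.finditer(src):
        name, quote, raw = m.group(2), m.group(3), m.group(4)
        if quote == "'":
            # Single-quoted PHP strings only unescape \\ and \'.
            found[name] = re.sub(r"\\([\\'])", r"\1", raw)
        elif "\\" in raw or "$" in raw:
            # Double-quoted strings may interpolate variables or escapes: do not guess.
            unresolved.append(name)
        else:
            found[name] = raw
    # Anything not defined as a literal (getenv(), constants, includes) needs a human.
    unresolved += [n for n in WANTED if n not in found and n not in unresolved]
    return found, unresolved

# Constructed sample: literal values, one commented-out define, '#' and '//' in the password.
SAMPLE_LITERAL = r"""<?php
// define('DB_PASSWORD', 'old-commented-out');
define( 'DB_NAME', 'wp_shop' );
define( 'DB_USER', 'wp_shop_user' );
define( 'DB_PASSWORD', 'Xk#9\'q//Lm' );
"""

# Constructed sample: values that cannot be read statically.
SAMPLE_ENV = r"""<?php
define('DB_NAME', "wp_blog");
define('DB_USER', getenv('WP_DB_USER'));
define('DB_PASSWORD', "s3cret$salt");
"""

if __name__ == "__main__":
    for label, text in (("literal", SAMPLE_LITERAL), ("env", SAMPLE_ENV)):
        found, unresolved = read_db_credentials(text)
        print(label, "resolved:", sorted(found), "manual review:", sorted(unresolved))
```

The second sample is the case the reply describes: the file is available, yet the user name and password still cannot be recovered without a person reading the code.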
 