So our database was recently dumped and I'm trying to mass reset all passwords on the forum, so that users have to recover their passwords.

How would I go about doing this?

Is there a an SQL query I can execute to change all passwords to usernames? and then use the vulnerable passwords tool?

Here's a thread where someone posted a script to change all passwords for a usergroup to the usernames: www.vbulletin.org/forum/showthread.php?t=243919 then I believe they will be required to change because a password the same as the name isn't allowed.


I think another possibility (which lets users log in one more time with their current password) would be to set a password expiration date for the usergroup, then do a query to set the password date to some time in the past. But that will tell users that they "haven't changed their password for X days" which could be confusing.

Here's a thread where someone posted a script to change all passwords for a usergroup to the usernames: www.vbulletin.org/forum/showthread.php?t=243919 then I believe they will be required to change because a password the same as the name isn't allowed.


I think another possibility (which lets users log in one more time with their current password) would be to set a password expiration date for the usergroup, then do a query to set the password date to some time in the past. But that will tell users that they "haven't changed their password for X days" which could be confusing.

And it defeats the object, as the database was leaked, malicious people will just login to the accounts, and change the passwords

And it defeats the object, as the database was leaked, malicious people will just login to the accounts, and change the passwords

Ah, right, I see. Then the script in that thread is probably what you want. (It involves running the vulnerable password tool like you were saying).

But yeah, I've gone ahead and used that script, just mailing out the passwords now, and I've put a htaccess on the site in the meantime just in case.