I have a simple solution for this one.

Register another account for yourself(different name) and grant it moderator abilities, so you can test the accesses or whatnot.

Well it's a change to in admin/config.php so isn't it a hack? and if it wasn't then why was it posted in the hacks section.
So if you have this visable then you must have change it.
I'm also having problems with the new system and have had to delete one mod and get him to register again because it won't accept his pass or send it, normally a simple problem like this I could have sorted it 5 mins, now I got to add him back to forums etc, pain in the arse.

I'm just going to chime in and say I agree this should have been an option. Just because some people think encryption is the only way to go, that doesn't mean it's the best way to go for all paying customers. Some of us can't afford the time and work it's going to take to rewrite our authentication systems so they now work with VB's new encrypted passwords (I have a chat system that uses the same username and passwords as my VB, or at least it used to). Some of us also don't have time to be explaining in e-mail after e-mail this new procedure to our members, who now can't have their passwords e-mailed to them. Some of us have lots of problems with people opening up second and third accounts, and any little way to track these people down is helpful (by doing searches for passwords). It was a feature in VB prior to 2.2.0 and now it's not. As a paying customer, I kinda think I should have been warned that adding encryption was going to take other things away from me. And what should we do? Not upgrade? Stay at 2.0.3 forever? That's the way companies lose customers.

So I agree it should have been an option.
And I'd LOVE to see a hack that intercepts before it's encrypted, and copies it to an "admin only" custom field. A field I could easily use for my chat purposes, for helping my members, and for finding duplicate accounts.

I am totally against this hack. I hate this feature because some people use the same password within many websites so that they can remember. Well what if the administrator see's someone's password? They can have access to websites, e-mail, other bulletin boards and more!! Please, vbulletin.org, if you are going to install this, remind me, so that I know to leave.

If you make this hack, I will not join anymore Bulletin Boards. If you do, at least the Administrator(s) should tell us that they have installed it, so I know not to join.

And that's that.

Give me a break Afterlab. I really don't want to argue with you about this, but your signature says you are using 2.0.3 and that version doesn't have encrypted passwords out of the box. So you my friend, have (or at least had) the ability to see passwords.

Ah really? Crap. << Is stupid

so anyone make this yet?

i want an option to take it out...it shouldn't be taht hard...should it? i'd do it msyelf i knew php and all taht stuff...

Firely: No one has broken the md5 hashing system.

MD5 can be brute forced but anything above 4 or 5 characters would take weeks.

I had a script a little while ago (i'll have to dig it out) that could break passwords encryted in md5 for anything upto 4 characters. Anything above that and it would crash the server.

If you want; someone make a 3 character password and copy the md5 hash into here and i'll see what i can do. Nothing above 3 otherwise it will crash my personal server.

I believe there used to be some hack to get rid of md5. However it was never tested. Check out the full releases forum. I might be wrong...

IMO there's no reason why you should need too see member's passwords. But if you bought vb and you want it then it's your choice. Hoever in that prior to registering agree//disagree prompt please mention that you reserve the right to view user's passwords.

[QUOTE]Originally posted by kaizen
Firely: No one has broken the md5 hashing system.

MD5 can be brute forced but anything above 4 or 5 characters would take weeks.

I had a script a little while ago (i'll have to dig it out) that could break passwords encryted in md5 for anything upto 4 characters. Anything above that and it would crash the server.

If you want; someone make a 3 character password and copy the md5 hash into here and i'll see what i can do. Nothing above 3 otherwise it will crash my personal server.