vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB4 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=251)
-   -   Reset All User Passwords? (https://vborg.vbsupport.ru/showthread.php?t=281364)

Dark Navi 04-10-2012 10:57 AM
Reset All User Passwords?
 
So our database was recently dumped and I'm trying to mass reset all passwords on the forum, so that users have to recover their passwords.

How would I go about doing this?

Is there a an SQL query I can execute to change all passwords to usernames? and then use the vulnerable passwords tool?

kh99 04-10-2012 11:10 AM
Here's a thread where someone posted a script to change all passwords for a usergroup to the usernames: www.vbulletin.org/forum/showthread.php?t=243919 then I believe they will be required to change because a password the same as the name isn't allowed.


I think another possibility (which lets users log in one more time with their current password) would be to set a password expiration date for the usergroup, then do a query to set the password date to some time in the past. But that will tell users that they "haven't changed their password for X days" which could be confusing.

Dark Navi 04-10-2012 11:15 AM
Quote:
Originally Posted by kh99 (Post 2318647)
Here's a thread where someone posted a script to change all passwords for a usergroup to the usernames: www.vbulletin.org/forum/showthread.php?t=243919 then I believe they will be required to change because a password the same as the name isn't allowed.


I think another possibility (which lets users log in one more time with their current password) would be to set a password expiration date for the usergroup, then do a query to set the password date to some time in the past. But that will tell users that they "haven't changed their password for X days" which could be confusing.
And it defeats the object, as the database was leaked, malicious people will just login to the accounts, and change the passwords

kh99 04-10-2012 11:18 AM
Quote:
Originally Posted by Dark Navi (Post 2318648)
And it defeats the object, as the database was leaked, malicious people will just login to the accounts, and change the passwords
Ah, right, I see. Then the script in that thread is probably what you want. (It involves running the vulnerable password tool like you were saying).

Dark Navi 04-10-2012 11:37 AM
But yeah, I've gone ahead and used that script, just mailing out the passwords now, and I've put a htaccess on the site in the meantime just in case.


All times are GMT. The time now is 09:57 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01468 seconds
  • Memory Usage 1,719KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (2)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (5)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete