show user password in admin panel v.2.2.0

[SWFans.net]

Quote:

Originally posted by dxb
There are many reasons for me
3. alot of times when ever I do hacks ... I have to login using some of my moderators login names to check for troubles ... and I have over 50 moderator and normally I don't have the time to ask them for the password and wait for the answer .... a simple example is the moderator log hack ... I had one moderator name that was not being logged ... after using his name and testing I discovered it was because he used a custom user title

I have a simple solution for this one.

Register another account for yourself(different name) and grant it moderator abilities, so you can test the accesses or whatnot.

[Bald Bouncer]

Quote:

Showing the passwords in the admin panel might have been a hack once, but it's been in the product proper for all the 2.n versions. I'm not sure when it was added - that is if it was not always available with the plain text versions.

Well it's a change to in admin/config.php so isn't it a hack? and if it wasn't then why was it posted in the hacks section.
So if you have this visable then you must have change it.
I'm also having problems with the new system and have had to delete one mod and get him to register again because it won't accept his pass or send it, normally a simple problem like this I could have sorted it 5 mins, now I got to add him back to forums etc, pain in the arse.

[SFishy]

I'm just going to chime in and say I agree this should have been an option. Just because some people think encryption is the only way to go, that doesn't mean it's the best way to go for all paying customers. Some of us can't afford the time and work it's going to take to rewrite our authentication systems so they now work with VB's new encrypted passwords (I have a chat system that uses the same username and passwords as my VB, or at least it used to). Some of us also don't have time to be explaining in e-mail after e-mail this new procedure to our members, who now can't have their passwords e-mailed to them. Some of us have lots of problems with people opening up second and third accounts, and any little way to track these people down is helpful (by doing searches for passwords). It was a feature in VB prior to 2.2.0 and now it's not. As a paying customer, I kinda think I should have been warned that adding encryption was going to take other things away from me. And what should we do? Not upgrade? Stay at 2.0.3 forever? That's the way companies lose customers.

So I agree it should have been an option.
And I'd LOVE to see a hack that intercepts before it's encrypted, and copies it to an "admin only" custom field. A field I could easily use for my chat purposes, for helping my members, and for finding duplicate accounts.

[afterlab]

I am totally against this hack. I hate this feature because some people use the same password within many websites so that they can remember. Well what if the administrator see's someone's password? They can have access to websites, e-mail, other bulletin boards and more!! Please, vbulletin.org, if you are going to install this, remind me, so that I know to leave.

If you make this hack, I will not join anymore Bulletin Boards. If you do, at least the Administrator(s) should tell us that they have installed it, so I know not to join.

And that's that.

[SFishy]

Give me a break Afterlab. I really don't want to argue with you about this, but your signature says you are using 2.0.3 and that version doesn't have encrypted passwords out of the box. So you my friend, have (or at least had) the ability to see passwords.

[afterlab]

Ah really? Crap. << Is stupid

[DelusionalMind]

so anyone make this yet?

i want an option to take it out...it shouldn't be taht hard...should it? i'd do it msyelf i knew php and all taht stuff...

[kaizen]

Firely: No one has broken the md5 hashing system.

MD5 can be brute forced but anything above 4 or 5 characters would take weeks.

I had a script a little while ago (i'll have to dig it out) that could break passwords encryted in md5 for anything upto 4 characters. Anything above that and it would crash the server.

If you want; someone make a 3 character password and copy the md5 hash into here and i'll see what i can do. Nothing above 3 otherwise it will crash my personal server.

[okrogius]

I believe there used to be some hack to get rid of md5. However it was never tested. Check out the full releases forum. I might be wrong...

IMO there's no reason why you should need too see member's passwords. But if you bought vb and you want it then it's your choice. Hoever in that prior to registering agree//disagree prompt please mention that you reserve the right to view user's passwords.

[okrogius]

[QUOTE]Originally posted by kaizen
Firely: No one has broken the md5 hashing system.

MD5 can be brute forced but anything above 4 or 5 characters would take weeks.

I had a script a little while ago (i'll have to dig it out) that could break passwords encryted in md5 for anything upto 4 characters. Anything above that and it would crash the server.

If you want; someone make a 3 character password and copy the md5 hash into here and i'll see what i can do. Nothing above 3 otherwise it will crash my personal server.