Author Topic: Unable to log in - Password reset not working  (Read 13889 times)

Offline CISfan

  • Comodo's Hero
  • *****
  • Posts: 977
Re: Unable to log in - Password reset not working
« Reply #30 on: May 31, 2020, 08:08:18 AM »
Another interesting thing to know would be why (seemingly) only few members (as I have noticed so far) could escape this breach and where able to reset their password (including me)?
Maybe it was all related to timing and quick responding to the password reset, just pondering...

Offline ZorKas

  • Comodo's Hero
  • *****
  • Posts: 1733
Re: Unable to log in - Password reset not working
« Reply #31 on: May 31, 2020, 08:40:55 AM »
- If the index of the database is compromised it must be repaired or restored alone as mentioned above the administrators have the access right for this kind of operation.
- If the database has been manipulated by the hacker, for example deletion or modification of accounts, only the SQL restore is beneficial.
- If there is a problem with PHP programming in this case, the language must be modified.
Anyway apart from a complete restoration of the server from the last recent backup after having solved the security flaw is beneficial to be fast is effective
It's my personal viewpoint
Windows 10 Pro x64 Build 19042.964 - Comodo CIS Pro v.12.2.2.8012 - Linux 20.04

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 26525
Re: Unable to log in - Password reset not working
« Reply #32 on: May 31, 2020, 11:39:39 AM »
Another interesting thing to know would be why (seemingly) only few members (as I have noticed so far) could escape this breach and where able to reset their password (including me)?
Maybe it was all related to timing and quick responding to the password reset, just pondering...
We are wondering about this also but we don't know either. May be the system choked on the amount of password reset messages?
« Last Edit: May 31, 2020, 04:58:17 PM by EricJH »

Offline itsParhaM

  • Newbie
  • *
  • Posts: 16
Re: Unable to log in - Password reset not working
« Reply #33 on: May 31, 2020, 02:54:43 PM »
Hello,

so i have registered to the forums 3 days ago with another email and then i got an email telling me that my registeration request needs to reviewed first then i get access to the forums, so after 3 days i still getting the message that my account needs approval to login to the forums. today i've registered with another email and it just sent me an activation link and i'm in ( current account ). so what's the matter with my previous registration? is it lost somewhere? i need to change email of this account to the email that i've registered for the other one if that one is not going to get access to forum. i tried to change email in settings and it telling me that there is someone registered with that email. any admin can help fix this?

Thanks!

Offline Ploget

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 1783
  • 'Your best teacher is your last mistake'
    • Schneier on Security
Re: Unable to log in - Password reset not working
« Reply #34 on: May 31, 2020, 03:00:41 PM »
Hi - I wouldn't go changing anything on your account, until potential problems with the forum access are sorted out. Once that is done we should be able to fix problem
so i have registered to the forums 3 days ago with another email and then i got an email telling me that my registeration request needs to reviewed first then i get access to the forums, so after 3 days i still getting the message that my account needs approval to login to the forums. today i've registered with another email and it just sent me an activation link and i'm in ( current account ). so what's the matter with my previous registration? is it lost somewhere? i need to change email of this account to the email that i've registered for the other one if that one is not going to get access to forum. i tried to change email in settings and it telling me that there is someone registered with that email. any admin can help fix this?
Ploget

All Win 10 x 64 Pro - 20H2 (19042.964) / CIS 12.2.2.8012
Comodo Forum Policy
“If you think you are too small to make a difference, try sleeping with a mosquito”

Offline CISfan

  • Comodo's Hero
  • *****
  • Posts: 977
Re: Unable to log in - Password reset not working
« Reply #35 on: May 31, 2020, 05:14:18 PM »
The mileage among the mods also varied. I asked for multiple password requests Thursday night early Friday morning but didn't get any reset emails; I am still waiting to see if they arrive one day. One mod managed to get a reset link after 4 attempts, another mod could use the secret question/answer route. I have the phone number of one of the mods and I could connect with him on WhatsApp. He had access and gave me temporary password. That's how I got back in. Some didn't have a problem resetting the password.

The breach struck everyone, that's serious matter.

I think that it could take quite some time (maybe a long time) for the investigators to check each and every user profile before they can approve and release them.

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 26525
Re: Unable to log in - Password reset not working
« Reply #36 on: May 31, 2020, 05:44:58 PM »
The problems with the password reset not working is likely unrelated to the breach.

With the password reset for all accounts the danger has been neutralized. That is the beauty of the password reset; there is no need to scrutinize all accounts (which is too much work).

According to the post by Vinny Troia the hack was done by using a vulnerability in vBulletin. That means the hack started at one of four other Comodo Forums using vBulletin software. Those forums have been patched to the latest version which fixes the vulnerability used in the hack. With this entry blocked and all passwords reset the danger is averted.

Offline Dustyn

  • Comodo's Hero
  • *****
  • Posts: 220
Re: Unable to log in - Password reset not working
« Reply #37 on: May 31, 2020, 07:11:51 PM »
Doesn't work for me by following Comodo's instructions to re-enter password for security purposes.

The fix is just to click "Forgot password" and then to have them "e-mail you" to reset your password.

I chose a new password clicked apply and boom, done, access restored.

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 26525
Re: Unable to log in - Password reset not working
« Reply #38 on: May 31, 2020, 08:44:51 PM »
Thanks for letting us know. The password reset works for some and will not work for others.

When did you change your password? Shortly before you posted here?

Offline Dustyn

  • Comodo's Hero
  • *****
  • Posts: 220
Re: Unable to log in - Password reset not working
« Reply #39 on: June 01, 2020, 12:01:52 AM »
Thanks for letting us know. The password reset works for some and will not work for others.

When did you change your password? Shortly before you posted here?
Today.
I changed my password as soon as I clicked the "forgot password" option. Comodo immediately e-mailed me a link to choose a new password. I then followed the link and changed my password and I logged in here to post that initial reply. I wasn't going to mess around with the other option you can choose the "secret security question" as I don't know if I would remember.
« Last Edit: June 01, 2020, 12:05:33 AM by Dustyn »

Offline markinson

  • Comodo Member
  • **
  • Posts: 33
Re: Unable to log in - Password reset not working
« Reply #40 on: June 01, 2020, 02:32:04 AM »
The password reset procedure to me working since May 30th. I want to say that on May 30th I finally received the e-mail with the link for the reset, therefore, having changed the password, I was able to enter the forum again. Thanks for your work and the explanations provided!  ;)

Offline CISfan

  • Comodo's Hero
  • *****
  • Posts: 977
Re: Unable to log in - Password reset not working
« Reply #41 on: June 01, 2020, 03:22:39 AM »
My aim was to create some "Questions and Answers" here for those who could not login yet and to provide them with some information, hope it helped.

Looks like things are getting sorted out and going better. :)

Offline ZorKas

  • Comodo's Hero
  • *****
  • Posts: 1733
Re: Unable to log in - Password reset not working
« Reply #42 on: June 01, 2020, 03:34:03 AM »
It should be understood that if there is a problem with the Comodo server sending the password reset when you click on "forgotten password", it doesn't work
The SMF forum is based on a PHP + MySql + Server Network couple
As explained above, management, maintenance and troubleshooting is the responsibility of the administrator.
The MySql database contains the emails of users with a SHA-1 encrypted password in relation to the ID
Windows 10 Pro x64 Build 19042.964 - Comodo CIS Pro v.12.2.2.8012 - Linux 20.04

Offline CISfan

  • Comodo's Hero
  • *****
  • Posts: 977
Re: Unable to log in - Password reset not working
« Reply #43 on: June 01, 2020, 03:41:53 AM »
It is still buzzing through my head that SHA-1 is broken long time ago...  :(

Offline ZorKas

  • Comodo's Hero
  • *****
  • Posts: 1733
Re: Unable to log in - Password reset not working
« Reply #44 on: June 01, 2020, 04:04:42 AM »
It is still buzzing through my head that SHA-1 is broken long time ago...  :(

In cryptography, hash functions allow to calculate a unique fingerprint from an input.
Hash functions have various applications, including the ability to calculate the unique fingerprint of a file or to store passwords securely in a database.

The other thing to be aware of is that the calculation can only be done in one direction.
This calculation is irreversible, i.e. you can calculate the fingerprint of a phrase or file but you cannot retrieve the original phrase or file from the fingerprint.

To try, you can use the following generator http://www.sha1-online.com/ which allows you to calculate hashprints.

To decode an encrypted password under SHA-1 you need a super calculator which today takes about 1 hour provided that the password has only 8 lowercase letters
The number of passwords in the Comodo forum database is staggering so no interest for the hacker.
Windows 10 Pro x64 Build 19042.964 - Comodo CIS Pro v.12.2.2.8012 - Linux 20.04

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek