CyberPanel 1.8.8: Rehashes Any Preexisting, Already Hashed Email Passwords

edited July 2019 in Bug Report
I warned CyberPanel about this but there are still issues with their upgrade password migration scripting. Days earlier, I had reset all my passwords in 1.8.7 using CyberPanel's change password tool. Today, as I upgraded, 1.8.8 reencrypted over top of all my preexisting encrypted passwords. All passwords are hashed to "$2y$05" level BCRYPT encryption. Observing their code in action, I can see what is going on. Their code hashes over top of the hashing, or double encrypts those passwords. Repeat: this impacts you even if your passwords were properly reset and re-hashed by CyberPanel in 1.8.7 using their password reset tool or the CyberPanel Rainloop password reset plugin. The bottom line is the upgrade script is again (still) broken and will hash over top of your password hashes, making them all corrupt and unreadable, again needing to be reset one by one. So whatever you do, by all means, don't upgrade to 1.8.8 until @CyberPanel addresses this!


Sign In or Register to comment.
CyberPanel Discord

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!