Web Wiz Support and Community Forums : Bug in plain text passwords https://forums.webwiz.net/ Copyright (c) 2006-2013 Web Wiz Forums - All Rights Reserved. Thu, 09 Apr 2026 06:47:11 +0000 Fri, 11 Aug 2006 09:31:22 +0000 http://blogs.law.harvard.edu/tech/rss Web Wiz Forums 12.08 360 https://forums.webwiz.net/RSS_post_feed.asp?TID=20978 <![CDATA[Web Wiz Support and Community Forums]]> https://forums.webwiz.net/forum_images/web_wiz_forums.png https://forums.webwiz.net/ <![CDATA[Bug in plain text passwords : Many thanks for pointing this...]]> https://forums.webwiz.net/bug-in-plain-text-passwords_topic20978_post112435.html#112435 Author: WebWiz-Bruce
Subject: 20978
Posted: 11 August 2006 at 9:31am

Many thanks for pointing this out.

Although I would highly recommend that you do use password encryption.
]]> Fri, 11 Aug 2006 09:31:22 +0000 https://forums.webwiz.net/bug-in-plain-text-passwords_topic20978_post112435.html#112435 <![CDATA[Bug in plain text passwords : Hi, I Thought you would like...]]> https://forums.webwiz.net/bug-in-plain-text-passwords_topic20978_post112406.html#112406 Author: rockliffe
Subject: 20978
Posted: 10 August 2006 at 1:05pm

Hi,
 
I Thought you would like to know that if you use plain text passwords (blnEncryptedPasswords = False) then the code to update passwords in register.asp will not work correctly as it sets the new password to <password><salt> rather than just <password> (See below)
 
Cheers,
 
Ben
 
'If the password doesn't match that stored in the db then this is a password update
         If rsCommon("Password") <> strEncryptedPassword AND blnConfirmPassOK Then
                  'Generate new salt
                  strSalt = getSalt(Len(strPassword))
           'Concatenate salt value to the password
             strEncryptedPassword = strPassword & strSalt
           'Re-Genreate encypted password with new salt value
              If blnEncryptedPasswords Then strEncryptedPassword = HashEncode(strEncryptedPassword)
                 'Set the changed password boolean to true
                 blnPasswordChange = True
         End If
 
should be:
 
'If the password doesn't match that stored in the db then this is a password update
         If rsCommon("Password") <> strEncryptedPassword AND blnConfirmPassOK Then
   If blnEncryptedPasswords Then 
                   'Generate new salt
                   strSalt = getSalt(Len(strPassword))
 
            'Concatenate salt value to the password
              strEncryptedPassword = strPassword & strSalt
            'Re-Genreate encypted password with new salt value
               strEncryptedPassword = HashEncode(strEncryptedPassword)
   Else
    strEncryptedPassword = strPassword
   End If
 
                 'Set the changed password boolean to true
                 blnPasswordChange = True
         End If
]]> Thu, 10 Aug 2006 13:05:33 +0000 https://forums.webwiz.net/bug-in-plain-text-passwords_topic20978_post112406.html#112406