Vesta 2.0 is coming soon! See our progress update: https://vestacp.com/docs/vesta-2-update
WebUI seems to generate incorrect password hashes
WebUI seems to generate incorrect password hashes
Hey There,
After that update for the web api vulnerability (see viewtopic.php?f=10&t=16556), I've found every time I create a mail/ftp account through vestacp I am unable to login without first manually changing the password using the v* tools (i.e. v-change-mail-account-password). To me it seems like vestacp ui is somehow hashing wrong.
As a bit of background, I affected by the vulnerability but managed to simply roll back my server to a backup and then restricted the webui with Ip tables and changing the default web port. So the server is actually clean from the vulnerability.
Has anyone had similar issues or have any suggestions on how to fix, it’s pretty annoying?
After that update for the web api vulnerability (see viewtopic.php?f=10&t=16556), I've found every time I create a mail/ftp account through vestacp I am unable to login without first manually changing the password using the v* tools (i.e. v-change-mail-account-password). To me it seems like vestacp ui is somehow hashing wrong.
As a bit of background, I affected by the vulnerability but managed to simply roll back my server to a backup and then restricted the webui with Ip tables and changing the default web port. So the server is actually clean from the vulnerability.
Has anyone had similar issues or have any suggestions on how to fix, it’s pretty annoying?
Re: WebUI seems to generate incorrect password hashes
Just to bump this, can anyone give me any clues where to even look for a problem with the web ui hashing the passswords wrong?