Answered MODX EVO 1.0.14 & THE uncrypt>

Dear all,

Today I've noticed that in the MODX database, at the manager users table the "password" field was altered from its original hashed value e.g "15k0fjr...." to "uncrypt>93e9502n".

Which means that not only the phrase "uncrypt>" was added in front of the password but the hashed password itself was also altered.

Any advice on precaution measures will be deeply appreciated. [ed. note: beloved.gr last edited this post 9 years, 5 months ago.]

Another Important observation is that even if I change the password through phpMyAdmin,
the very next time I log in to the MODX Manager, the password will automatically change again in the database, and will get the "uncrypt>" prefix.

For example

- the value in the manager users table of the password field is "uncrypt>93e9502n"
- I change it to something like "chdu68492" ( hashed value )
- when I log in to the manager it goes "uncrypt>ek2982r"


So I guess that it has to do with the login function of the MODX EVO platform.


Any ideas?

Thanks a lot Jako for the answer,

I just concluded the same thing after some research.

My best quess is that the hosting provider must have recently added the capadility to support the UNCRYPT(32 chars salt + SHA-1 hash) HASH algorithm,
which is by default selectted in MODX, and the login problem occured as a result of going from CRYPT_MD5 (salt & stretch) previously used to UNCRYPT(32 chars salt + SHA-1 hash).

Could you then please change the topic title please.

Quote from: Jako at Nov 05, 2014, 09:21 PM

Could you then please change the topic title please.

I'm trying to find where to change the topic title from, but with no luck so far,
any suggestion on how to change it, will be appreciated,.

AFAIK: Editing the first post should help with that …