Problem with my password

General discussion of Mantis.

Moderators: Developer, Contributor

Post Reply
vincitytaymodaimo
Posts: 1
Joined: 20 Sep 2018, 01:20

Problem with my password

Post by vincitytaymodaimo »

All,

I administer our website in which we recently integrated mantis bt. The integration consisted of minor UI cleanup and customization, as well as an integration layer between our user management and the mantis_user_table. All went well with us being able to create users and administer their rights from our user management area, however randomly (it has happened ~4 times over a few months) ALL user passwords reset in the mantis_user_table. This recently happened this weekend with every user in our table receiving the password:
0778b339994bbb16d0a61b46a9ea9635

I would have thought this to be an error in our integration layer when someone was updating their password; however no one in our db tables or forum tables has this hash as their password.

I have removed the ability for users to update their passwords from within mantis, and no one has access to our admin section other than a select few users. I am the only one who actually logs onto our remote server to monitor the DB leaving me to believe this is an automatic process.

Because of this I was wondering if mantis had an "Automatically reset passwords every n days" feature I was unaware of that might be enabled. If that is not the case, is there any feature in mantis could automatically update passwords?

Any help is appreciated
Best regard!
atrol
Site Admin
Posts: 8366
Joined: 26 Mar 2008, 21:37
Location: Germany

Re: Problem with my password

Post by atrol »

vincitytaymodaimo wrote: 20 Sep 2018, 01:34I was wondering if mantis had an "Automatically reset passwords every n days" feature I was unaware of that might be enabled.
There is no such feature out of the box.
vincitytaymodaimo wrote: 20 Sep 2018, 01:34is there any feature in mantis could automatically update passwords?
No

So it seems you have been hacked, or there is a bad guy in your team or there is a bug in the implementation of the user management integration layer.
Please use Search before posting and read the Manual
Post Reply