You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@ofbiz.apache.org by Torsten Schlabach <ts...@gmx.net> on 2007/03/12 15:21:24 UTC

Recover lost admin password

Hi!

I have an OFBiz installation where someone changed the standard password 
of admin / ofbiz to something else, but it got lost. There are other 
users in the system, but none of them has sufficient privilegdes to 
reset the password for admin.

Is there a simple way of fixing this?

Regards,
Torsten

Re: Recover lost admin password

Posted by Richard Fleming <ri...@thebva.com>.

You can also sign in to the ecommerce app and have it email you a new password.
   
  Another reason to hold usernames of admin and such close to the chest.
   
  Rick

"David E. Jones" <jo...@hotwaxmedia.com> wrote:
  
On Mar 12, 2007, at 9:45 AM, Walter Vaughan wrote:

> "Madmax" and "bigal" are a little disconcerting backdoor parties.

I'm not sure what you mean by this. I took a peek at their settings 
and they look pretty safe to me, and are just users that are part of 
the blog demo data. I would prefer it if more generic names and such 
were used, like the DemoCustomer and other similar accounts, but I'm 
not sure how they would be "backdoor" users.

-David

Re: Recover lost admin password

Posted by "David E. Jones" <jo...@hotwaxmedia.com>.

On Mar 12, 2007, at 9:45 AM, Walter Vaughan wrote:

> "Madmax" and "bigal" are a little disconcerting backdoor parties.

I'm not sure what you mean by this. I took a peek at their settings  
and they look pretty safe to me, and are just users that are part of  
the blog demo data. I would prefer it if more generic names and such  
were used, like the DemoCustomer and other similar accounts, but I'm  
not sure how they would be "backdoor" users.

-David

Re: Recover lost admin password

Posted by Walter Vaughan <wv...@steelerubber.com>.

Jacques Le Roux wrote:

> Torsten, all,
> 
> FYI, beware to not stay with default logins and passwords in production
> sites. This for obvious security reasons. Please see  recommendations in
> http://tinyurl.com/yuldmy.

The following users all have "ofbiz" as password. "Madmax" and "bigal" are a 
little disconcerting backdoor parties. YMMV. This is a ofBiz/OpenTaps box that 
only has demo data installed users.

"admin"
"system"
"flexadmin"
"demoadmin"
"ltdadmin"
"bizadmin"
"blog_author"
"madmax"
"supplier"
"DemoBuyer"
"DemoRepAll"
"DemoRepStore"
"DemoCustCompany"
"DemoCustAgent"
"DemoCustomer"
"blog_admin"
"blog_editor"
"blog_user"
"bigal"
"blog_guest"

--
Walter

Re: Recover lost admin password

Posted by Jacques Le Roux <ja...@les7arts.com>.

Torsten, all,

FYI, beware to not stay with default logins and passwords in production
sites. This for obvious security reasons. Please see  recommendations in
http://tinyurl.com/yuldmy.

Thanks to TinyUrl Creator https://addons.mozilla.org/mozilla/126/ I was
able to create this tiny URL with an anchor :o)

Jacques


> Hi Torsten,
>         There is one more user with flexadmin and ofbiz we can login
and
> change the admin password getting into party manger.
> regards
> Phani
>
>
> On 3/12/07, Torsten Schlabach <ts...@gmx.net> wrote:
> >
> > Hi!
> >
> > I have an OFBiz installation where someone changed the standard
password
> > of admin / ofbiz to something else, but it got lost. There are other
> > users in the system, but none of them has sufficient privilegdes to
> > reset the password for admin.
> >
> > Is there a simple way of fixing this?
> >
> > Regards,
> > Torsten
> >
>
>
>
> -- 
> G.Venkata Phanindra
> Mob:: 9849852989
>

Re: Recover lost admin password

Posted by Torsten Schlabach <ts...@gmx.net>.

That helped, thank you.

Any yes, it's a reminder to close all that backdoors on a productive system.

Isn't there something like a test suite which would check for all of this?

Regards,
Torsten

G.Venkata Phanindra schrieb:
> Hi Torsten,
>        There is one more user with flexadmin and ofbiz we can login and
> change the admin password getting into party manger.
> regards
> Phani
> 
> 
> On 3/12/07, Torsten Schlabach <ts...@gmx.net> wrote:
> 
>>
>> Hi!
>>
>> I have an OFBiz installation where someone changed the standard password
>> of admin / ofbiz to something else, but it got lost. There are other
>> users in the system, but none of them has sufficient privilegdes to
>> reset the password for admin.
>>
>> Is there a simple way of fixing this?
>>
>> Regards,
>> Torsten
>>
> 
> 
>

Re: Recover lost admin password

Posted by Andrew Sykes <an...@sykesdevelopment.com>.

Torsten

You could write a Selenium test and add it to the Selenium patch ;-) 
https://issues.apache.org/jira/browse/OFBIZ-680

- Andrew


On Mon, 2007-03-12 at 20:35 +0100, Torsten Schlabach wrote:
> That helped, thank you.
> 
> Any yes, it's a reminder to close all that backdoors on a productive system.
> 
> Isn't there something like a test suite which would check for all of this?
> 
> Regards,
> Torsten
> 
> G.Venkata Phanindra schrieb:
> > Hi Torsten,
> >        There is one more user with flexadmin and ofbiz we can login and
> > change the admin password getting into party manger.
> > regards
> > Phani
> > 
> > 
> > On 3/12/07, Torsten Schlabach <ts...@gmx.net> wrote:
> > 
> >>
> >> Hi!
> >>
> >> I have an OFBiz installation where someone changed the standard password
> >> of admin / ofbiz to something else, but it got lost. There are other
> >> users in the system, but none of them has sufficient privilegdes to
> >> reset the password for admin.
> >>
> >> Is there a simple way of fixing this?
> >>
> >> Regards,
> >> Torsten
> >>
> > 
> > 
> > 
-- 
Kind Regards
Andrew Sykes <an...@sykesdevelopment.com>
Sykes Development Ltd
http://www.sykesdevelopment.com

Re: Recover lost admin password

Posted by "G.Venkata Phanindra" <ph...@gmail.com>.

Hi Torsten,
        There is one more user with flexadmin and ofbiz we can login and
change the admin password getting into party manger.
regards
Phani


On 3/12/07, Torsten Schlabach <ts...@gmx.net> wrote:
>
> Hi!
>
> I have an OFBiz installation where someone changed the standard password
> of admin / ofbiz to something else, but it got lost. There are other
> users in the system, but none of them has sufficient privilegdes to
> reset the password for admin.
>
> Is there a simple way of fixing this?
>
> Regards,
> Torsten
>



-- 
G.Venkata Phanindra
Mob:: 9849852989

Re: Recover lost admin password

Posted by Walter Vaughan <wv...@steelerubber.com>.

Torsten Schlabach wrote:
> I have an OFBiz installation where someone changed the standard password 
> of admin / ofbiz to something else, but it got lost. There are other 
> users in the system, but none of them has sufficient privilegdes to 
> reset the password for admin.
> 
> Is there a simple way of fixing this? 
> 
If you have write access to the database and especially the user_login table, 
you can paste in a known value in the current_password column from a known 
user/password combination.

--
Walter

Re: Recover lost admin password

Posted by Chris Howe <cj...@yahoo.com>.

Do you have access to the entity maintenance in webtools or to
database?  If so, change UserLogin.password to the encrypted value of a
known password.  This is one of many good reasons not to share user
login information.

--- Torsten Schlabach <ts...@gmx.net> wrote:

> Hi!
> 
> I have an OFBiz installation where someone changed the standard
> password 
> of admin / ofbiz to something else, but it got lost. There are other 
> users in the system, but none of them has sufficient privilegdes to 
> reset the password for admin.
> 
> Is there a simple way of fixing this?
> 
> Regards,
> Torsten
>