Hello,
The password reset feature requires an update and should soon be modified to make it more explicit.
What happened in the situation you described is the intended behavior. The passwords in epesi are stored as an MD5 hash, and thus if the password is forgotten, there's no deterministic way to provide what the password was based on the MD5 hash.
Instead, the system generates a new password and mails it to the user. It's a standard password recovery method in many systems.
After receiving the e-mail with the new password, it's highly recommended to log in immediately and change the password.
What I guess happened is that there was some typo the first time the password was entered. When the password recovery procedure was initiated, that's when the password actually changed.
I apologize for the confusion caused; we'll be sure to update the password recovery procedure soon, to be more informative and user-friendly.
Kind regards,
Arek