We are working on a Single Sign On script, where the user logs into our system, and they are automatically signed into their corresponding VBulletin account as well. We are setting their VB password as an md5 hash of some values, but it is not working. I have tried manually updating the user's password with the admin account, and I have found the following behavior:
If I set the password to `b3c2146889e90f661ec1a24f8c463e8e` it tells me "
If I try `mytestpassmytestpassmytestpassmytestpass` I am able to login, and with that I was able to confirm its not a password length issue.
If I try converting numbers in the original hash to its corresponding letter, it works: `bccbadfhhieijfffaecaabdfhcdfcehe`
But if I replace the non hex letters with random numbers in the string above, it doesn't work: `bccbadf437e28fffaecaabdf9cdfce1e`
Based on this behavior it seems that the VB5 system has issues trying to validate a password that is a valid md5 hash. Is this the case? Are there any work arounds?
Any help would be much appreciated.
If I set the password to `b3c2146889e90f661ec1a24f8c463e8e` it tells me "
You have entered an invalid username or password.
"If I try `mytestpassmytestpassmytestpassmytestpass` I am able to login, and with that I was able to confirm its not a password length issue.
If I try converting numbers in the original hash to its corresponding letter, it works: `bccbadfhhieijfffaecaabdfhcdfcehe`
But if I replace the non hex letters with random numbers in the string above, it doesn't work: `bccbadf437e28fffaecaabdf9cdfce1e`
Based on this behavior it seems that the VB5 system has issues trying to validate a password that is a valid md5 hash. Is this the case? Are there any work arounds?
Any help would be much appreciated.
Comment