0

Hello, there this is my first post and I´m desperate seeking for help, I have almost not knowledge of SQL as it is not my usual work.

However, suddenly it has converted in mine....Hopefully I will got help in here.

Well the issue is that our database manager has resigned suddenly and before doing it he has changed the passwords of all the users in

our database of a monitoring web application. So all our users have no access now to the application. After many tryouts I finally got

access to the database and to the users table. However I have the issue that the passwords looks as below showed and I don´t know what

the real password is.

I have tried to decrypt using web decrypting pages as it looks like normal base64 strings, but it returns weird stuff. Also as I don´t

know the real encryption used I can´t change to a know string. So if some could help me getting how it was encrypted or better to find

out the real passwords it will be truly appreciated. If it is needed more info please tell me so I can send it to you, or if you need the

database itself I can send you a backup.

Best Regards to everyone.

Number USERNAME Password
1 1*** uFHNaI0yloE=
2 2*** uQ7f4zrS+I8=
3 3*** vZLMcLSYGgU=
4 4*** X1huNktKxiE=
5 5*** Xj7X/j7IJlY=
6 6*** xnjJfMyiK24=
7 7*** YcQhuzE8ZKM=
8 8*** yPkatR/yu34=
9 9*** Z/+ujjLnAPI=
10 10*** Z/+ujjLnAPI=
11 11*** /E4vCqpZ0HWGa5akKPfeGg==
12 12*** +/IkfCripBiyGKX+0BOq5Q==
13 13*** +wv6aVBpAdoaVOIop5k7hA==
14 14*** 0Xn9c0+SZLfFS+jEYqBUuQ==
15 15*** 1CvLvdtfMemipN6agFOUcw==
16 16*** 1YVYxTctsZlar9Vv7btVTw==
17 17*** 4PVwBey0bOkwC3NA183F5g==
18 18*** 5thrQN8LxHNhaMr4RJz1Bg==
19 19*** 6qk+WBaRa9+GiOdvR5pEjw==

4
Contributors
3
Replies
4
Views
9 Years
Discussion Span
Last Post by pclfw
0

I don't think that is possible. If you have the access to the 'users' table, why don't you update the table setting an empty password ? Then send a mail to all the people in the users table(I am sure you will have a field 'email' in the table) asking them to create a new password for their username!

Edit: Welcome to Daniweb btw ! :)

0

I would say the same thing - update all user passwords to something generic, apologize, and ask everyone to reset their passwords.

I'm sure the field was encryoted to prevent even the database manager from gaining access to user passwords.

0

And have a word with the company solicitor with regard to prosecuting the previous database manager under the computer misuse act.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.