Reset your Sitecore Admin password to ‘b’ when using SHA512 hashing

Okay, this this relates to my recent post on password hashing in Sitecore, and why we should move away from SHA1. Let’s say you’ve decided to use SHA512 for a brand new instance like Sitecore recommend…

When you create a new website, you must change the weak default hash algorithm (SHA1) that is used to encrypt user passwords to a stronger algorithm.

To change the hash algorithm:

  • Open the web.config file and in the node, set the hashAlgorithmType setting to the appropriate value. We recommend SHA512.

Okay, funky, but how do I make the existing admin’s password work?

Two options:

  • Log in to Sitecore, change the setting in the web config, and when your site reloads, quickly change your password before the session expires.
  • Run the following SQL in your CORE/Security database to set the password:

Update [aspnet_Membership]
set [Password] = 'K8N8GUW8UiNT2mPdjvuBDH+QmvA3R61M9buVvCwFHwtDjpMzTxs34lg0uQ0azCITqh6FkUZlX4kM72lsAyuyXQ=='
where [UserId] = '4342515E-2BF6-4480-91CE-A2D9ACE502A8'
and [PasswordSalt] = 'p5B6HOWKt0ctMZaSNXTlfw=='

This should set the Admin’s password to ‘b’. Obviously, you should then change that to a secure password or passphrase.

Update: For Sitecore 9.0.1, this will need to be:

Update [aspnet_Membership] set [Password] = '2hwfEqtM7gDFekQaV/IOkog5DFmxRtywvUsRJqRf7j82Ns3pUkiu/WohjLk8mIV2+7MjXdMeO9MgAUjildTLtg==', [PasswordSalt] = 'ETJOU1+PX4CwEOw/eN3F6Q==' where [UserId] = '68FFFAA2-1FFE-4006-B661-A8B6B80C81DE'

It seems that the Powershell scripts set a different password and salt for different instances.

This is a lot like how I suggested fixing lock admins before. Note that user ids and password salts seem to change across Sitecore versions; this matched a couple of my Sitecore 8.2 (update 4 and 5) instances, but is a different user id and salt to what worked for my Sitecore 7.5 instances. You may need to check the aspnet_Users table to find your Admin user’s user ID.

Reset your Sitecore Admin password to ‘b’ when using SHA512 hashing

4 thoughts on “Reset your Sitecore Admin password to ‘b’ when using SHA512 hashing

  1. In your original article, you’re setting the PasswordSalt in the update statement, but here you’re querying for it. Shouldn’t the PasswordSalt be updated as well in this query?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.