Reset your Sitecore Admin password to ‘b’ when using SHA512 hashing

Okay, this relates to my recent post on password hashing in Sitecore, and why we should move away from SHA1. Let’s say you’ve decided to use SHA512 for a brand new instance, like Sitecore recommends…

When you create a new website, you must change the weak default hash algorithm (SHA1) that is used to encrypt user passwords to a stronger algorithm.

To change the hash algorithm:

  • Open the web.config file and in the <membership> node, set the hashAlgorithmType setting to the appropriate value. We recommend SHA512.

Okay, funky, but how do I make the existing admin’s password work?

Two options:

  • Log in to Sitecore, change the setting in the web.config, and when your site reloads, quickly change your password.
  • Run the following SQL in your CORE database to set the password:

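-- The hash is only valid for this exact salt, so the salt is part of the WHERE clause:
-- if your Admin row has a different salt, no row is updated.
UPDATE [aspnet_Membership]
SET [Password] = 'K8N8GUW8UiNT2mPdjvuBDH+QmvA3R61M9buVvCwFHwtDjpMzTxs34lg0uQ0azCITqh6FkUZlX4kM72lsAyuyXQ=='
WHERE [UserId] = '4342515E-2BF6-4480-91CE-A2D9ACE502A8'
  AND [PasswordSalt] = 'p5B6HOWKt0ctMZaSNXTlfw=='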

This should set the Admin’s password to ‘b’. Obviously, you should then change that to a secure password or passphrase.

This is a lot like how I suggested fixing locked admins before. Note that user IDs and password salts seem to change across Sitecore versions; this matched a couple of my Sitecore 8.2 (update 4 and 5) instances, but is a different user ID and salt to what worked for my Sitecore 7.5 instances. You may need to check the aspnet_Users table to find your Admin user’s user ID.
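
The following Python is an added example, not code from this post or from Sitecore. Assuming the standard ASP.NET SqlMembershipProvider encoding for non-keyed algorithms, Base64(H(salt bytes + UTF-16LE password)), it infers which algorithm a stored [Password] value was hashed with and generates a SHA512 hash with a fresh salt for a strong passphrase, so the row never has to hold ‘b’. The function names are hypothetical.

```python
import base64
import hashlib
import hmac
import secrets

# Values copied from the UPDATE statement in the post.
POST_HASH = ("K8N8GUW8UiNT2mPdjvuBDH+QmvA3R61M9buVvCwFHwtDjpMzTxs34lg0"
             "uQ0azCITqh6FkUZlX4kM72lsAyuyXQ==")
POST_SALT = "p5B6HOWKt0ctMZaSNXTlfw=="

# Digest size in bytes -> algorithm; distinguishes old SHA1 rows from SHA512 rows.
DIGEST_BYTES = {20: "sha1", 32: "sha256", 64: "sha512"}

def membership_hash(password, salt_b64, algorithm="sha512"):
    """Base64(H(salt || UTF-16LE(password))): assumed membership encoding."""
    salt = base64.b64decode(salt_b64, validate=True)
    digest = hashlib.new(algorithm, salt + password.encode("utf-16-le")).digest()
    return base64.b64encode(digest).decode("ascii")

def stored_algorithm(password_b64):
    """Infer the algorithm of a stored [Password] value from its digest length."""
    size = len(base64.b64decode(password_b64, validate=True))
    return DIGEST_BYTES.get(size, "unknown")

def new_credentials(password, algorithm="sha512"):
    """Return (password_hash, salt) built on a fresh random 16-byte salt."""
    salt_b64 = base64.b64encode(secrets.token_bytes(16)).decode("ascii")
    return membership_hash(password, salt_b64, algorithm), salt_b64

def verify(password, salt_b64, stored_b64):
    """Check a password against a stored row, whatever algorithm the row uses."""
    algorithm = stored_algorithm(stored_b64)
    if algorithm == "unknown":
        return False
    candidate = membership_hash(password, salt_b64, algorithm)
    return hmac.compare_digest(candidate, stored_b64)

if __name__ == "__main__":
    print("post row algorithm:", stored_algorithm(POST_HASH))
    print("post row matches 'b':", verify("b", POST_SALT, POST_HASH))
    # Constructed passphrase for illustration; use your own.
    pw_hash, salt = new_credentials("constructed-example passphrase 42!")
    print("[Password]     =", pw_hash)
    print("[PasswordSalt] =", salt)
```

Write both generated values to [Password] and [PasswordSalt] on the Admin row; the hash does not match if only one of them is updated.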
