
Lots of errors

Posted: Wed Apr 26, 2017 8:54 pm
by ave
Hello,

I installed your plugin and it works great, without problems. However, I noticed strange errors in my error_log. It seems that somebody is using your plugin to force his way through?


[24-Apr-2017 12:20:13 UTC] PHP Fatal error:  Uncaught Exception: Unsupported hash format. in /home/mysite/public_html/wp-content/plugins/wp-w3all-phpbb-integration2/addons/bcrypt/bcrypt.php:111
Stack trace:
#0 /home/mysite/public_html/wp-content/plugins/wp-w3all-phpbb-integration2/addons/bcrypt/bcrypt.php(59): w3_Bcrypt::_validateIdentifier('$H$9xPJKaelb...')
#1 /home/mysite/public_html/wp-content/plugins/wp-w3all-phpbb-integration2/wp_w3all.php(488): w3_Bcrypt::checkPassword('123456', '$H$9xPJKaelb...')
#2 /home/mysite/public_html/wp-includes/user.php(162): wp_check_password('123456', '$H$9xPJKaelb...', 6)
#3 /home/mysite/public_html/wp-includes/class-wp-hook.php(298): wp_authenticate_username_password(Object(WP_User), 'matt32', '123456')
#4 /home/mysite/public_html/wp-includes/plugin.php(203): WP_Hook->apply_filters(NULL, Array)
#5 /home/mysite/public_html/wp-includes/pluggable.php(522): apply_filters('authenticate', NULL, 'matt32', '123456')
#6 /home/mysite/public_html/wp-includes/user.php(85): wp_authenticate('matt32', '123456')
#7 /h in /home/mysite/public_html/wp-content/plugins/wp-w3all-phpbb-integration2/addons/bcrypt/bcrypt.php on line 111

There are more than 1500 similar errors, all from yesterday and today, since I installed the w3 plugin. :shock:

Thank you!
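
One way to check whether errors like the ones quoted above come from repeated login guessing is to group the `wp_authenticate(...)` frames by username and count how many different passwords were tried. This is an added example, not part of the original posts and not the plugin's code; the sample log, the function names and the threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the trace format quoted above (paths, users, times are made up).
SAMPLE_LOG = """\
[24-Apr-2017 12:20:13 UTC] PHP Fatal error:  Uncaught Exception: Unsupported hash format. in /home/example/bcrypt.php:111
#1 /home/example/wp_w3all.php(488): w3_Bcrypt::checkPassword('123456', '$H$9xPJKaelb...')
#6 /home/example/wp-includes/user.php(85): wp_authenticate('matt32', '123456')
[24-Apr-2017 12:20:15 UTC] PHP Fatal error:  Uncaught Exception: Unsupported hash format. in /home/example/bcrypt.php:111
#6 /home/example/wp-includes/user.php(85): wp_authenticate('matt32', 'password')
[24-Apr-2017 12:20:16 UTC] PHP Fatal error:  Uncaught Exception: Unsupported hash format. in /home/example/bcrypt.php:111
#6 /home/example/wp-includes/user.php(85): wp_authenticate('matt32', 'qwerty')
[25-Apr-2017 09:01:02 UTC] PHP Fatal error:  Uncaught Exception: Unsupported hash format. in /home/example/bcrypt.php:111
#6 /home/example/wp-includes/user.php(85): wp_authenticate('alice', 'hunter2')
"""

ENTRY = re.compile(r"^\[(?P<ts>[^\]]+)\] PHP Fatal error:.*Unsupported hash format")
AUTH = re.compile(r"wp_authenticate\('(?P<user>[^']*)', '(?P<pw>[^']*)'\)")

def summarize(log_text):
    """Per username: error count, number of distinct passwords, first and last timestamp."""
    stats = defaultdict(lambda: {"errors": 0, "passwords": set(), "first": None, "last": None})
    current_ts = None
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            current_ts = m.group("ts")      # start of a new logged error
            continue
        a = AUTH.search(line)
        if a and current_ts:
            s = stats[a.group("user")]
            s["errors"] += 1
            s["passwords"].add(a.group("pw"))   # held in memory only, never written out
            s["first"] = s["first"] or current_ts
            s["last"] = current_ts
            current_ts = None               # count one wp_authenticate frame per error
    return {u: {"errors": s["errors"], "distinct_passwords": len(s["passwords"]),
                "first": s["first"], "last": s["last"]} for u, s in stats.items()}

def looks_like_guessing(summary, min_distinct=3):
    """Usernames tried with at least min_distinct different passwords (assumed threshold)."""
    return sorted(u for u, s in summary.items() if s["distinct_passwords"] >= min_distinct)

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for user, s in result.items():
        print(user, s)
    print("possible guessing:", looks_like_guessing(result))
```

The traces record the submitted passwords in clear text, so the summary reports only counts, and the error_log itself should be readable by administrators only.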

Re: Lots of errors

Posted: Wed Apr 26, 2017 9:31 pm
by axew3
Your phpBB, I assume, is 3.1 or better, and maybe it is an old one that was updated (where there can be users with the old hash format)? (So I will take a look to definitively resolve this issue in case) ...
It seems to be just this kind of error: a user has an old md5 password stored in phpBB, or a hash not recognized by the crypt class.
This problem can be easily resolved by forcing these users, in that case, to reset their password, and by changing the code so that it does not lead to an error.
There is no strange character passed that would suggest some other problem.
Looking into it soon ...

Re: Lots of errors

Posted: Thu Apr 27, 2017 8:32 am
by axew3
Found the problem ... resolving it, thanks for the info!
No security fix needed: just a code fix.
Furthermore, md5 passwords are correctly recognized instead.
Fixing this as soon-

Re: Lots of errors

Posted: Thu Apr 27, 2017 8:53 am
by axew3
The fix to recognize the old md5-style passwords of phpBB has been applied.
Now old-style passwords are also correctly passed for checking in WP, and there are no more errors about this.
Replace the file wp_w3all.php with the new one:
https://plugins.trac.wordpress.org/expo ... _w3all.php
wp_w3all 1.6.9 has just been patched to definitively resolve this issue.