nilsteampassnet / TeamPass

Collaborative Passwords Manager
https://www.teampass.net

After AD password change, personal passwords are blank #3895

Open sfoglema opened 12 months ago

sfoglema commented 12 months ago
### Steps to reproduce

1. Change Active Directory password
2. Login to TeamPass and view personal password
3. Password is blank

### Expected behaviour

Click on personal password should expose password and allow copying

### Actual behaviour

Password field is blank, countdown circle displays, and no copy to clipboard

I tried to "Generate new keys" several times and also tried the Sync passwords (which ended in password error). I also tried generate new OTP from admin. All failed to fix the issue. It appears the new AD password does not match up with the Teampass encryption, but I am unable to reset my AD password back to the previous due to security limits.

### Server configuration

**Operating system**: CentOS 7

**Web server:** Apache 2.4.6

**Database:** 5.5.68-MariaDB MariaDB Server

**PHP version:** 8.0.30

**Teampass version:** 3.0.10

**Teampass configuration file:**

'10', 'enable_favourites' => '1', 'show_last_items' => '1', 'enable_pf_feature' => '1', 'log_connections' => '1', 'log_accessed' => '1', 'time_format' => 'H:i:s', 'date_format' => 'd/m/Y', 'duplicate_folder' => '0', 'item_duplicate_in_same_folder' => '0', 'duplicate_item' => '0', 'number_of_used_pw' => '3', 'manager_edit' => '1', 'cpassman_dir' => '/var/www/html/teampass', 'cpassman_url' => 'https:///teampass', 'favicon' => 'https:///teampass/favicon.ico', 'path_to_upload_folder' => '/var/www/html/teampass/upload', 'url_to_upload_folder' => 'https:///teampass/ upload', 'path_to_files_folder' => '/var/www/html/teampass/files', 'url_to_files_folder' => 'https:///teampass/f iles', 'activate_expiration' => '0', 'pw_life_duration' => '0', 'maintenance_mode' => '0', 'enable_sts' => '0', 'encryptClientServer' => '1', 'cpassman_version' => '3.0.0.22', 'ldap_mode' => '1', 'ldap_type' => 'ActiveDirectory', 'ldap_suffix' => '@', 'ldap_domain_dn' => '', 'ldap_domain_controler' => '', 'ldap_user_attribute' => 'samaccountname', 'ldap_ssl' => '0', 'ldap_tls' => '0', 
'richtext' => '0', 'allow_print' => '1', 'roles_allowed_to_print' => '["["["["1","2","3","4","5","6","7","8","9"]"]"] "]', 'show_description' => '1', 'anyone_can_modify' => '0', 'anyone_can_modify_bydefault' => '0', 'nb_bad_authentication' => '0', 'utf8_enabled' => '1', 'restricted_to' => '0', 'restricted_to_roles' => '0', 'enable_send_email_on_user_login' => '0', 'enable_user_can_create_folders' => '1', 'insert_manual_entry_item_history' => '0', 'enable_kb' => '1', 'enable_email_notification_on_item_shown' => '0', 'enable_email_notification_on_user_pw_change' => '0', 'custom_logo' => '', 'custom_login_text' => '', 'default_language' => 'english', 'send_stats' => '0', 'get_tp_info' => '1', 'send_mail_on_user_login' => '0', 'nb_items_by_query' => 'auto', 'enable_delete_after_consultation' => '0', 'enable_personal_saltkey_cookie' => '1', 'personal_saltkey_cookie_duration' => '31', 'email_smtp_server' => '', 'email_smtp_auth' => '0', 'email_auth_username' => '', 'email_auth_pwd' => '', 'email_port' => '25', 'email_security' => 'none', 'email_server_url' => '', 'email_from' => '', 'email_from_name' => 'TeamPass Server', 'pwd_maximum_length' => '60', 'delay_item_edition' => '0', 'allow_import' => '1', 'proxy_ip' => '', 'proxy_port' => '', 'upload_maxfilesize' => '10mb', 'upload_docext' => 'doc,docx,dotx,xls,xlsx,xltx,rtf,csv,txt,pdf,ppt,pptx,pot ,dotx,xltx', 'upload_imagesext' => 'jpg,jpeg,gif,png', 'upload_pkgext' => '7z,rar,tar,zip', 'upload_otherext' => 'sql,xml', 'upload_imageresize_options' => '1', 'upload_imageresize_width' => '800', 'upload_imageresize_height' => '600', 'upload_imageresize_quality' => '90', 'use_md5_password_as_salt' => '0', 'ga_website_name' => 'TeamPass', 'api' => '0', 'subfolder_rights_as_parent' => '0', 'show_only_accessible_folders' => '0', 'enable_suggestion' => '0', 'otv_expiration_period' => '7', 'default_session_expiration_time' => '60', 'duo' => '0', 'enable_server_password_change' => '0', 'send_stats_time' => '0', 'tree_counters' => 
'1', 'item_extra_fields' => '0', 'enable_attachment_encryption' => '1', 'copy_to_clipboard_small_icons' => '0', 'settings_offline_mode' => '0', 'offline_key_level' => '0', 'bck_script_filename' => 'IT_Network_teampass_backup', 'bck_script_path' => '/mnt/SAN/Teampass/', 'can_create_root_folder' => '0', 'syslog_enable' => '0', 'syslog_host' => 'localhost', 'syslog_port' => '514', 'timezone' => 'America/New_York', 'menu_type' => 'context', 'google_authentication' => '0', 'ldap_object_class' => '0', 'saltkey_ante_2127' => '', 'teampass_version' => '3.0.10', 'migration_to_2127' => 'done', 'manager_move_item' => '0', 'create_item_without_password' => '0', 'send_statistics_items' => 'stat_country;stat_users;stat_items;stat_items_sh ared;stat_folders;stat_folders_shared;stat_admins;st', 'agses_authentication_enabled' => '0', 'personal_saltkey_security_level' => '0', 'ldap_new_user_is_administrated_by' => '0', 'ldap_port' => '389', 'enable_http_request_login' => '0', 'admin_2fa_required' => '1', 'otv_is_enabled' => '0', 'ldap_and_local_authentication' => '1', 'secure_display_image' => '1', 'upload_zero_byte_file' => '0', 'upload_all_extensions_file' => '0', 'files_with_defuse' => 'done', 'password_overview_delay' => '4', 'roles_allowed_to_print_select' => '', 'clipboard_life_duration' => '30', 'mfa_for_roles' => '', 'settings_tree_counters' => '0', 'enable_massive_move_delete' => '0', 'email_debug_level' => '0', 'ga_reset_by_user' => '', 'onthefly-backup-key' => 'encryption', 'onthefly-restore-key' => '', 'ldap_user_dn_attribute' => 'distinguishedname', 'ldap_dn_additional_user_dn' => '', 'ldap_user_object_filter' => '(sAMAccountName=*)', 'ldap_bdn' => '', 'ldap_hosts' => '', 'ldap_password' => '', 'ldap_username' => '', 'api_token_duration' => '60', 'enable_tasks_manager' => '1', 'task_maximum_run_time' => '300', 'maximum_number_of_items_to_treat' => '300', 'tasks_manager_refreshing_period' => '100', 'ldap_tls_certifacte_check' => 'LDAP_OPT_X_TLS_NEVER', 
'bck_script_passkey' => '', 'disable_show_forgot_pwd_link' => '1', 'enable_tasks_log' => '0', 'enable_ad_users_with_ad_groups' => '0', 'enable_ad_user_auto_creation' => '0', 'ldap_group_object_filter' => '', 'ldap_guid_attibute' => 'objectGUID', 'sending_emails_job_frequency' => '2', 'user_keys_job_frequency' => '1', 'items_statistics_job_frequency' => '5', 'reload_cache_table_task' => '', 'rebuild_config_file' => '', 'purge_temporary_files_task' => '', 'clean_orphan_objects_task' => '', 'users_personal_folder_task' => '', 'upgrade_timestamp' => '1691669268', 'maximum_session_expiration_time' => '60', );

**Updated from an older Teampass or fresh install:**

### Client configuration

**Browser:** Any, Edge, Firefox, Chrome, Brave

**Operating system:** Windows 10 Pro

### Logs

#### Web server error log

```
Only entries pertaining to InfoSec pentesting, none related to this issue.
```

#### Log from the web-browser developer console (CTRL + SHIFT + i)

No failures. items.logs.php is all that shows up when clicking on view password.

nilsteampassnet commented 11 months ago

@sfoglema Indeed the process in case of AD user password change wasn't very clear. I've improved it with the following.

1- Let's consider the user's password has been changed in the AD
2- The user gets auth in TP
3- He wants to open an item
4- A message is displayed asking him to sync new and old passwords
5- Click on the button
6- New form opens where he needs to provide his passwords
7- Reopen the item and password is available

sfoglema commented 11 months ago

When I select “synchronize passwords” and enter my old and new passwords, I get “the password is not correct”.

This may be due to generating new keys previously while trying to troubleshoot.

Is there a way to recover the personal passwords?

I was hoping that generating a new OTP under admin/users would clear it out and allow me to access the personal passwords, but that failed as well.

Scott F.

nilsteampassnet commented 11 months ago

@sfoglema Need to understand if only the personal passwords are blank or all?

sfoglema commented 11 months ago

Sorry Nils, only the personal passwords are blank.

I can see the normal passwords without issue.

Thanks,

Scott F.

nilsteampassnet commented 11 months ago

Ok, thanks. And before the AD password change, those personal passwords were visible. You confirm this?

sfoglema commented 11 months ago

Yes. Used daily.

alarido commented 10 months ago

What is happening to me constantly, and is a problem that lies in this behaviour, is that in most enterprise deployments the LDAP server has a policy to change the password frequently, and then every user has to manually sync the password every time. That hurts usability a lot and creates lots of incidents.

If sync password does not pop up automatically once a user logs in with a new password, then regular users do not know that they are not seeing items' passwords because of this; they think the system is broken, they open a ticket, etc.

It's worse for users that do not log in frequently to TeamPass: usually they have forgotten their previous password by the time they have to sync it, and they cannot do it, even if they know where that is done.

As a suggestion, and I don't know if it's possible or has some drawback, but once a user logs in with the new password, sync should happen seamlessly without user intervention. Things like this one are wonderful when they automagically happen.

Thanks in advance.
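
The synchronization procedure described earlier in this thread, and the question of whether it could run unattended at login, sketched as an added example (not TeamPass code and not written by any participant). It assumes a model in which personal items are encrypted with a random per-user key that is stored wrapped under a key derived from the login password; every function name and sample value is hypothetical.

```php
<?php
// Added illustration, not TeamPass code. Assumed model: personal items are
// encrypted with a random per-user key, stored wrapped under a key derived
// from the login password. All names and values here are hypothetical.
declare(strict_types=1);

const KDF_ITERATIONS = 200000; // constructed value for the example

function deriveKek(string $password, string $salt): string
{
    return hash_pbkdf2('sha256', $password, $salt, KDF_ITERATIONS, 32, true);
}

// AES-256-GCM: a wrong key fails the tag check instead of returning garbage.
function seal(string $plaintext, string $key): array
{
    $iv = random_bytes(12);
    $tag = '';
    $ct = openssl_encrypt($plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return ['iv' => $iv, 'tag' => $tag, 'ct' => $ct];
}

function unseal(array $blob, string $key): ?string
{
    $pt = openssl_decrypt($blob['ct'], 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $blob['iv'], $blob['tag']);
    return $pt === false ? null : $pt;
}

function wrapUserKey(string $userKey, string $password): array
{
    $salt = random_bytes(16);
    return ['salt' => $salt] + seal($userKey, deriveKek($password, $salt));
}

function unwrapUserKey(array $wrapped, string $password): ?string
{
    return unseal($wrapped, deriveKek($password, $wrapped['salt']));
}

// Password synchronization: the old password unwraps, the new one re-wraps.
function syncPassword(array $wrapped, string $old, string $new): ?array
{
    $userKey = unwrapUserKey($wrapped, $old);
    return $userKey === null ? null : wrapUserKey($userKey, $new);
}

function show(string $label, ?string $value): void
{
    printf("%-32s %s\n", $label, $value ?? 'FAILED (null)');
}

// Constructed sample data.
$oldPw = 'Autumn-2023-old';
$newPw = 'Winter-2023-new';
$wrapped = wrapUserKey($userKey = random_bytes(32), $oldPw);
$item = seal('personal-item-secret', $userKey);

// 1. The directory password changed; a login supplies only the new one.
show('unwrap with new password only:', unwrapUserKey($wrapped, $newPw) === null ? null : 'ok');

// 2. Synchronizing with old and new passwords keeps the same user key.
$synced = syncPassword($wrapped, $oldPw, $newPw);
show('item after sync:', unseal($item, unwrapUserKey($synced, $newPw)));

// 3. Generating a fresh key instead: the stored item was sealed under the
//    previous key, and a later sync has nothing the old password can unwrap.
$fresh = wrapUserKey(random_bytes(32), $newPw);
show('item under regenerated key:', unseal($item, unwrapUserKey($fresh, $newPw)));
show('sync after regeneration:', syncPassword($fresh, $oldPw, $newPw) === null ? null : 'ok');
```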