Plesk upgrade shows warning: There are accounts with passwords encrypted using a deprecated algorithm

Symptoms

• When upgrading Plesk, the following warning appears:

  WARNING: There are 2 accounts with passwords encrypted using a deprecated algorithm. Please refer to http://kb.plesk.com/en/112391 for the instructions about how to change the password type to plain.

• The following query shows that there are several accounts with incorrect password encryption:

  # plesk db "SELECT * FROM accounts WHERE type='crypt' AND password not like '$%'"
  +------+-------+-------------------------------------------+
  | id | type | password |
  +------+-------+-------------------------------------------+
  | 144 | crypt | 57b083012113593c |
  | 147 | crypt | *C0BF5DBFC80E1C73ED97566021A982BFE2404EDD |
  ...

Cause

Plesk pre-upgrade checker cannot parse some passwords that were incorrectly encrypted.

Resolution

1. Connect to the server via SSH as root or with a sudo user;

2. Get the list of affected objects. Use the following queries to find out the exact type of all affected users via command line:

   • This database query will show all SMB users that are affected:

     # plesk db "SELECT login, contactName, email FROM smb_users WHERE password NOT LIKE '$%' AND login NOT LIKE 'admin'"

   • This will show mail users:

     # plesk db "SELECT m.mail_name, d.name FROM mail m join domains d on m.dom_id=d.id INNER JOIN (SELECT a.id FROM accounts a WHERE a.type='crypt' AND a.password NOT LIKE '$%') temptable ON temptable.id=m.account_id WHERE temptable.id = m.account_id"

   • This database query will show all clients (admin, customers, resellers) whose passwords have wrong encryption:

     # plesk db "SELECT c.login, c.pname, c.cname, c.email FROM clients c INNER JOIN (SELECT a.id FROM accounts a WHERE a.type='crypt' AND a.password NOT LIKE '$%') temptable ON temptable.id = c.account_id WHERE temptable.id = c.account_id"

   • This database query will show all db_users (database users) that are affected:

     # plesk db "SELECT db.login, d.name FROM domains d, db_users db INNER JOIN (SELECT a.id FROM accounts a WHERE a.type='crypt' AND a.password NOT LIKE '$%') temptable ON temptable.id = db.account_id WHERE d.id=db.dom_id"

   • This database query will show all sys_users (subscription users, FTP users) that are affected:

     # plesk db "SELECT s.login, s.home FROM sys_users s INNER JOIN (SELECT a.id FROM accounts a WHERE a.type='crypt' AND a.password NOT LIKE '$%') temptable ON temptable.id = s.account_id WHERE temptable.id = s.account_id"

   • This database query will show all pd_users (protected directory users) that are affected:

     # plesk db "SELECT pu.login, d.name FROM domains d, protected_dirs pd, pd_users pu INNER JOIN (SELECT a.id FROM accounts a WHERE a.type='crypt' AND a.password NOT LIKE '$%') temptable ON temptable.id = pu.account_id WHERE d.id = pd.dom_id"

3. Change the password for affected users using Plesk UI.

   Note: Do not change this value in the Plesk database directly.

   Note: Leaving such passwords is not suggested as they may have negative consequences in future, for example…