5.6 Resetting user passwords
Currently there is no dedicated functionality in MetaDefender Email Security's Web Management Console to reset user passwords. Workarounds exist, however.
Admin account
Prerequisites
The workaround requires the following:
- Shell access to the MetaDefender Email Security server
- Read/write access to the configuration database (typically C:\Program Files\OPSWAT\Metadefender Email Security\data\config.db.sqlite on Windows)
- An SQLite client application (e.g. sqlite3 from https://www.sqlite.org/download.html) installed locally on the server
- A utility to calculate SHA-256 hash values (e.g. CertUtil on Windows) installed locally on the server
Do not use online tools to calculate the hash value as it would result in the disclosure of the clear text password.
Password reset steps
Do not use the password, salt and hash values of the examples below in a production environment.
- Stop MetaDefender Email Security
- Connect to the database
  Connect as a user that has read and write permissions on the database (typically Administrator on Windows). Using unprivileged accounts may give unexpected results.
  Windows example (sqlite3):
    > sqlite3.exe "C:\Program Files\OPSWAT\Metadefender Email Security\data\config.db.sqlite"
- Query the settings of the admin user
  Example (sqlite3):
    sqlite> SELECT settings FROM users WHERE name = 'admin';
- Save the result settings string for later use
  Example:
    {"email":"admin@localhost","password":"f7fe7874618b3468c262698bb46fd499421b38026a42c7ae0504c0cd8a097360","salt":"2ad530aa56844126860783e93552ccba"}
- Take the salt part from the settings string (2ad530aa56844126860783e93552ccba in the example above) and append the new password to it (NewPassword123 in the examples below)
  Example:
    2ad530aa56844126860783e93552ccbaNewPassword123
- Calculate the hash of the salted new password
  Windows example:
    > copy con saltedpassword.txt
    2ad530aa56844126860783e93552ccbaNewPassword123^Z
            1 file(s) copied.
    > powershell get-filehash -algorithm sha256 saltedpassword.txt
    Algorithm  Hash                                                              Path
    ---------  ----                                                              ----
    SHA256     ECE2B0DD63F31A6571C083742305A219D36143AF3F60660F21677263FE57C96A  C:\saltedpassword.txt
- The result is the salted hash value of the new password
  Example:
    ece2b0dd63f31a6571c083742305a219d36143af3f60660f21677263fe57c96a
- Replace the password part in the settings string with the salted hash value of the new password
  Example:
    {"email":"admin@localhost","password":"ece2b0dd63f31a6571c083742305a219d36143af3f60660f21677263fe57c96a","salt":"2ad530aa56844126860783e93552ccba"}
- Update the database and set the new settings value for the user
  Do not use the password and salt values of the example below in a production environment!
  Example (sqlite3):
    sqlite> UPDATE users SET settings='{"email":"admin@localhost","password":"ece2b0dd63f31a6571c083742305a219d36143af3f60660f21677263fe57c96a","salt":"2ad530aa56844126860783e93552ccba"}' WHERE name = 'admin';
- Quit the SQLite client and start MetaDefender Email Security
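The steps above carried out in one pass, as an added example that is not OPSWAT's code. It assumes Python 3 is available on the server, relies only on the users table's name and settings columns seen in the queries above, and runs against a constructed in-memory database instead of the real config.db.sqlite. The new password is hashed in memory, so no clear text file such as saltedpassword.txt is left on disk.

```python
import hashlib
import json
import sqlite3


def salted_hash(salt: str, password: str) -> str:
    """SHA-256 over salt followed by password, lowercase hex, as in the steps above."""
    return hashlib.sha256((salt + password).encode("utf-8")).hexdigest()


def reset_password(conn: sqlite3.Connection, user: str, new_password: str) -> dict:
    """Replace only the "password" field of the user's settings JSON."""
    row = conn.execute("SELECT settings FROM users WHERE name = ?", (user,)).fetchone()
    if row is None:
        raise LookupError(f"no such user: {user}")
    settings = json.loads(row[0])
    settings["password"] = salted_hash(settings["salt"], new_password)
    # Compact separators match the layout of the settings string shown above.
    conn.execute(
        "UPDATE users SET settings = ? WHERE name = ?",
        (json.dumps(settings, separators=(",", ":")), user),
    )
    conn.commit()
    return settings


def demo() -> dict:
    # Constructed stand-in for config.db.sqlite: only the two columns the
    # page's queries use. The real schema may have more (assumption).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, settings TEXT)")
    old = ('{"email":"admin@localhost","password":"old-hash-placeholder",'
           '"salt":"2ad530aa56844126860783e93552ccba"}')
    conn.execute("INSERT INTO users VALUES (?, ?)", ("admin", old))
    reset_password(conn, "admin", "NewPassword123")
    stored = conn.execute("SELECT settings FROM users WHERE name = 'admin'").fetchone()[0]
    conn.close()
    return json.loads(stored)


if __name__ == "__main__":
    print(demo())
```

To apply it to the real database, pass a connection opened on config.db.sqlite to reset_password while MetaDefender Email Security is stopped.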
General accounts
The above workaround works for any kind of account. Due to its complexity, however, it is not recommended for any accounts other than admin.
For general unprivileged accounts it is much simpler to delete and then re-create the account.