From 20a8654be2eb6575bff0e2d75fbe9216e85b7508 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pawe=C5=82=20Chmielowski?=
Date: Thu, 3 Aug 2023 13:06:01 +0200
Subject: [PATCH] Reset scram fields when setting plain password in ejabberd_auth_sql

Setting scram password, then disabling scram and setting plain password again, will make us think we are still using scramed password and crash when trying to process it as such. This makes sure that when set plain password we don't leave parts from old scram password.
---
 src/ejabberd_auth_sql.erl | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/ejabberd_auth_sql.erl b/src/ejabberd_auth_sql.erl
index 566152695..1871d3a71 100644
--- a/src/ejabberd_auth_sql.erl
+++ b/src/ejabberd_auth_sql.erl
@@ -161,7 +161,10 @@ set_password_t(LUser, LServer, Password) ->
 "users",
 ["!username=%(LUser)s",
 "!server_host=%(LServer)s",
- "password=%(Password)s"]).
+ "password=%(Password)s",
+ "serverkey=''",
+ "salt=''",
+ "iterationcount=0"]).

 get_password_scram(LServer, LUser) ->
 ejabberd_sql:sql_query(
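Review bot: Rows that are already in the mixed state (a plain `password` next to a non-empty `serverkey`/`salt` left over from SCRAM) are not repaired by this change, because the reset in `set_password_t` only takes effect the next time a password is written. The code that reads the row is outside this hunk, so it is worth confirming whether it should treat such a row as a failed authentication instead of crashing, or whether a one-off cleanup of existing rows is needed. A short comment above the three new fields would record the intent, e.g. `%% clear SCRAM columns so this row is not later read back as a SCRAM credential`. The diffstat shows only this file changed, so a regression test covering set-scram, switch to plain, set-plain, authenticate would help pin the behaviour. The start of `set_password_t` lies above the hunk.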