We have had a very strange issue related to the most recent Serv-U update in June (188.8.131.526) which started yesterday, 26th September, out of nowhere; no changes were made.
See this thread for the details relating to the password encryption method change in the update from 184.108.40.2066, we've had this update in place for months with no issues but now...
Accounts using Public Key authentication to connect to Serv-U suddenly were not able to connect AND their accounts were becoming disabled. Users do not have automatic disabling set on their account, Serv-U is doing this all by itself.
After lots of testing, it appears that when an account has been connecting using a key, Serv-U still has the old password format/encryption method associated with that user's account (in the user's Archive file), even though they are not using a password to connect. Something in the Serv-U code seems to have enforced that accounts with this get DISABLED when they try to connect, even with a key (specifically on 26th September). The administrator then has to manually reactivate the account but as soon as they try to log in again, it gets disabled. We also saw one instance where the GROUP that the user belonged to also got disabled, which disables all other users in that group.
The only way to fix this is to set a new password on the account but I have hundreds of accounts this could have happened to and it is near impossible to work out which accounts are affected.
Please can you let us know if there is something in Serv-U for this specific date and how we can fix this issue, is there a patch?
Thank you for your help.
@chrisrow You may get this issue too based on our previous discussions on the other thread linked above.
I can confirm that such a problem exists.
We see many disabled accounts on our system, though we do not use key-based authentication for most of these accounts.
Affected are mostly accounts with a well known username (like "admin" or "administrator") so I assume that these get locked/disabled due to random login attempts from bots.
Resetting the password on these accounts does seem to help prevent that problem from happening again.
Serv-U 15.2.1 provides increased password security; existing MD5 passwords are converted using a more secure algorithm.
MD5 passwords can be automatically changed in the first 90 days (during connection using password); after this period they are set to expired, and expired passwords can only be changed by an administrator. I can reach you to discuss this change and how to mitigate the impact.