A user who has had a problem with identity theft in the past was upset by our forum requesting him to change his password.
Is it possible for me (as admin) to be able to force the forum to allow him to NOT change his password, or is it trivial to break the stored hash from the database? I don't care whether or not I discover what the actual password is and I don't want to have access to the account itself, I just want to give this user a "Get Out Of Changing Your Password" card.
I have no intimate knowledge of vBulletin, but I can imagine that it would not be difficult to obtain the hash from the database and brute force it. I haven't looked, but I wager someone has written a script to do this already. But aside from being laborious, this approach has the distasteful side effect that I will know this user's password, and that is the very thing the user is trying to protect.
Frankly though it just isn't worth that much effort to me. The user won't return until I've fixed things such that their old password will work, so if I cannot easily do it, I'll give them the bad news.
Yes I do realize how easily the user could use the Lost Password feature. I am not asking for methods for reasoning with the user though, I am only wondering if there is a direct way to accomplish my goal.
TIA for any thoughts on this matter!
__DEFINE_LIKE_SHARE__
01-22-2010, 02:30 AM
العرض العادي
