Your authentication password has been changed in your AD since you last get logged in in Teampass. We need to adapt your encryption key. Please provide your previous password and the current one. #4562

Open
marcblum24 opened this issue Jan 14, 2025 · 4 comments


marcblum24 commented Jan 14, 2025

Steps to reproduce

  1. Password was changed in Active Directory
  2. User authenticates at TeamPass
  3. A message is displayed "Your attention is required" "Your authentication password has been changed in your AD since you last get logged in in Teampass." etc.

Expected behaviour

Log in and view passwords

Actual behaviour

Repeatedly prompted with a message that "Your authentication password has been changed in your AD since you last get logged in in Teampass. We need to adapt your encryption key. Please provide your previous password and the current one." Entering the correct previous and current AD passwords results in "Bad password".

Server configuration

Debian 12 Bookworm

Web server:
apache2 2.4.62-1

Database:
mariadb 10.11.6-0

PHP version:
php 8.2.26-1

Teampass version:
3.1.3.10

Teampass configuration file:

'10', 'enable_favourites' => '1', 'show_last_items' => '1', 'enable_pf_feature' => '1', 'log_connections' => '0', 'log_accessed' => '1', 'time_format' => 'H:i:s', 'date_format' => 'd/m/Y', 'duplicate_folder' => '0', 'item_duplicate_in_same_folder' => '0', 'duplicate_item' => '0', 'number_of_used_pw' => '3', 'manager_edit' => '1', 'cpassman_dir' => '', 'cpassman_url' => '', 'favicon' => '', 'path_to_upload_folder' => '', 'path_to_files_folder' => '', 'url_to_files_folder' => '', 'activate_expiration' => '1', 'pw_life_duration' => '0', 'maintenance_mode' => '0', 'enable_sts' => '0', 'encryptClientServer' => '1', 'cpassman_version' => '3.0.0.0', 'ldap_mode' => '0', 'ldap_type' => '0', 'ldap_suffix' => '0', 'ldap_domain_dn' => '0', 'ldap_domain_controler' => '0', 'ldap_user_attribute' => '0', 'ldap_ssl' => '0', 'ldap_tls' => '0', 'ldap_elusers' => '0', 'ldap_search_base' => '0', 'ldap_port' => '389', 'richtext' => '0', 'allow_print' => '1', 'roles_allowed_to_print' => '0', 'show_description' => '1', 'anyone_can_modify' => '1', 'anyone_can_modify_bydefault' => '1', 'nb_bad_authentication' => '0', 'utf8_enabled' => '1', 'restricted_to' => '1', 'restricted_to_roles' => '1', 'enable_send_email_on_user_login' => '0', 'enable_user_can_create_folders' => '0', 'insert_manual_entry_item_history' => '1', 'enable_kb' => '0', 'enable_email_notification_on_item_shown' => '0', 'enable_email_notification_on_user_pw_change' => '0', 'custom_logo' => '', 'custom_login_text' => '', 'default_language' => 'english', 'send_stats' => '0', 'send_statistics_items' => 'stat_country;stat_users;stat_items;stat_items_shared;stat_folders;stat_folders_shared;stat_admins;stat_managers;stat_ro;stat_mysqlversion;stat_phpversion;stat_teampassversion;stat_languages;stat_kb;stat_suggestion;stat_customfields;stat_api;stat_2fa;stat_agses;stat_duo;stat_ldap;stat_syslog;stat_stricthttps;stat_fav;stat_pf;', 'send_stats_time' => '1592665749', 'get_tp_info' => '1', 'send_mail_on_user_login' => '0', 
'nb_items_by_query' => 'auto', 'enable_delete_after_consultation' => '1', 'enable_personal_saltkey_cookie' => '0', 'personal_saltkey_cookie_duration' => '31', 'email_smtp_server' => ' ', 'email_smtp_auth' => '1', 'email_auth_username' => '', 'email_auth_pwd' => '', 'email_port' => '465', 'email_security' => 'ssl', 'email_server_url' => '', 'email_from' => '', 'email_from_name' => '', 'pwd_maximum_length' => '40', 'google_authentication' => '0', 'delay_item_edition' => '0', 'allow_import' => '1', 'proxy_ip' => '', 'proxy_port' => '', 'upload_maxfilesize' => '10mb', 'upload_docext' => 'doc,docx,dotx,xls,xlsx,xltx,rtf,csv,txt,pdf,ppt,pptx,pot,dotx,xltx', 'upload_imagesext' => 'jpg,jpeg,gif,png', 'upload_pkgext' => '7z,rar,tar,zip', 'upload_otherext' => 'sql,xml', 'upload_imageresize_options' => '1', 'upload_imageresize_width' => '800', 'upload_imageresize_height' => '600', 'upload_imageresize_quality' => '90', 'use_md5_password_as_salt' => '0', 'ga_website_name' => 'TeamPass for ChangeMe', 'api' => '0', 'subfolder_rights_as_parent' => '0', 'show_only_accessible_folders' => '1', 'enable_suggestion' => '0', 'otv_expiration_period' => '7', 'default_session_expiration_time' => '60', 'duo' => '0', 'enable_server_password_change' => '0', 'ldap_object_class' => '0', 'bck_script_path' => '', 'bck_script_filename' => 'bck_teampass', 'syslog_enable' => '0', 'syslog_host' => 'localhost', 'syslog_port' => '514', 'manager_move_item' => '0', 'create_item_without_password' => '0', 'otv_is_enabled' => '1', 'agses_authentication_enabled' => '0', 'item_extra_fields' => '1', 'saltkey_ante_2127' => 'none', 'migration_to_2127' => 'done', 'files_with_defuse' => 'done', 'timezone' => 'UTC', 'enable_attachment_encryption' => '1', 'personal_saltkey_security_level' => '50', 'ldap_new_user_is_administrated_by' => '0', 'disable_show_forgot_pwd_link' => '0', 'offline_key_level' => '0', 'enable_http_request_login' => '0', 'ldap_and_local_authentication' => '0', 'secure_display_image' => '1', 
'upload_zero_byte_file' => '0', 'upload_all_extensions_file' => '0', 'bck_script_passkey' => '', 'admin_2fa_required' => '1', 'password_overview_delay' => '4', 'copy_to_clipboard_small_icons' => '1', 'duo_akey' => '', 'duo_ikey' => '', 'duo_skey' => '', 'duo_host' => '', 'teampass_version' => '', 'roles_allowed_to_print_select' => '', 'clipboard_life_duration' => '30', 'tree_counters' => '0', 'settings_offline_mode' => '1', 'item_creation_templates' => '1', );

Updated from an older Teampass or fresh install:
fresh install

Client configuration

Edge, Firefox, Chrome

Operating system:
Windows 10

Logs

Web server error log

Apache access.log shows no errors
teampass_access.log is empty
teampass_error.log is empty

```
Insert your webserver log here
192.168.249.36 - - [13/Jan/2025:10:55:07 +0100] "POST /sources/main.queries.php HTTP/1.1" 200 956 "https://teampass.xyz.xyz/index.php?page=it ems&loginForm" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"
```

Log from the web-browser developer console (CTRL + SHIFT + i)

```
shows no error what I can see.
Insert the log here and especially the answer of the query that failed.
```

@nilsteampassnet
Owner

@marcblum24
I could reproduce it.
I will investigate.

Owner

nilsteampassnet commented Jan 14, 2025

In file sources/main.queries.php, can you try the following, please?

Replace

            $currentUserKey = DB::queryFirstRow(
                'SELECT share_key, increment_id
                FROM ' . prefixTable('sharekeys_items') . '
                WHERE user_id = %i
                LIMIT 1',
                $post_user_id
            );

by

            $currentUserKey = DB::queryFirstRow(
                'SELECT ski.share_key, ski.increment_id
                FROM ' . prefixTable('sharekeys_items') . ' AS ski
                INNER JOIN ' . prefixTable('log_items') . ' AS l ON ski.object_id = l.id_item
                WHERE l.id_user = %i
                ORDER BY date DESC
                LIMIT 1',
                $post_user_id
            );

This will permit the last password seen by the user to be used as decrypt reference.
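
An added example, not part of the comment above or of the TeamPass code base: it runs both lookups against a constructed SQLite database to show which `sharekeys_items` rows each one can select as the decrypt reference. The table contents, SQLite in place of MariaDB, `?` in place of `%i`, and the `ski.user_id` variant are assumptions made for illustration.

```python
import sqlite3

# Constructed data: only the columns named in the two queries are modelled.
SCHEMA = """
CREATE TABLE sharekeys_items (increment_id INTEGER PRIMARY KEY,
                              object_id INT, user_id INT, share_key TEXT);
CREATE TABLE log_items (id_item INT, id_user INT, date INT);
INSERT INTO sharekeys_items VALUES
  (1, 100, 7, 'item100-for-user7'),
  (2, 200, 9, 'item200-for-user9'),
  (3, 200, 7, 'item200-for-user7');
-- user 7 opened item 100, then item 200 (also shared with user 9)
INSERT INTO log_items VALUES (100, 7, 1736800000), (200, 7, 1736850000);
"""

def _db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def original_lookup(user_id):
    """First query from the comment: any one share key owned by the user."""
    sql = ("SELECT share_key, increment_id FROM sharekeys_items "
           "WHERE user_id = ? LIMIT 1")
    return _db().execute(sql, (user_id,)).fetchone()

def newest_candidates(where, params):
    """Rows tied for first place under ORDER BY date DESC, i.e. the set
    LIMIT 1 chooses from. Returns sorted (owner user_id, share_key) pairs."""
    sql = f"""SELECT ski.user_id, ski.share_key, l.date
              FROM sharekeys_items AS ski
              INNER JOIN log_items AS l ON ski.object_id = l.id_item
              WHERE {where}
              ORDER BY l.date DESC"""
    rows = _db().execute(sql, params).fetchall()
    if not rows:
        return []  # user has no log_items rows: no reference key at all
    newest = rows[0][2]
    return sorted((uid, key) for uid, key, date in rows if date == newest)

def replacement_candidates(user_id):
    """WHERE clause exactly as in the replacement query."""
    return newest_candidates("l.id_user = ?", (user_id,))

def scoped_candidates(user_id):
    """Hypothetical variant (not from the thread): also pin the key owner."""
    return newest_candidates("l.id_user = ? AND ski.user_id = ?",
                             (user_id, user_id))

if __name__ == "__main__":
    print(original_lookup(7), replacement_candidates(7), scoped_candidates(7))
```

As written, the replacement join filters on `log_items.id_user` only, so when several users hold a share key for the most recently logged item, `LIMIT 1` can return a row whose `user_id` is not the user logging in. A user with no `log_items` rows gets no reference row at all.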


reginfo commented Jan 14, 2025

Hi,
I tried this fix with a test user.
But for me it didn't work.
Still Bad password.

Author

marcblum24 commented Jan 15, 2025

Hi,
we replaced the code in main.queries.php and tried after the password change. It shows the following:
image
