Reset admin password for Fortify 22.2

Hi,

I have configured Fortify SSC 22.2.0 on a stage machine but am unable to log in.

I checked the log file ssc.log in the Fortify home directory. The error below is shown:

/ssc/j_spring_security_check [WARN] com.fortify.manager.security.CustomLoggerListener - Authentication event AuthenticationFailureCredentialsExpiredEvent: admin; exception: User credentials have expired

Please suggest how I can fix this issue.

I also see this message in the logs:

[WARN] com.fortify.manager.security.CustomLoggerListener - Authentication event AuthenticationFailureLockedEvent: admin; exception: User account is locked

Please help with how to unlock the account.


    Passwords are never stored, only the hash value is stored. (Hashing is a one-way function, whereas encryption is two-way.) For the last few years, SSC has used the bcrypt hashing function to generate the hash. One of the neat features of bcrypt is that it has a built-in salting mechanism, which protects against rainbow table attacks.

    If you have the hash value, you can never generate the original string (hence, hashing is one-way). If you wish to test some strings, use the following online tool: https://bcrypt.online/

    For example, enter the following under the "Bcrypt Hash Verifier" section:

    Plain Text: admin
    Hash: $2a$10$fJ65H/8ihJW40LOI4CAzWuiqp/G.TQs1rzs8RbfiR1avAP9Ty0Tau

    Then click the "Verify Hash" button.
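
The built-in salt mentioned in the reply above is visible in the hash string itself. The following is an added example, not part of the original post or of Fortify's code: it splits the hash quoted in the reply into its fields offline, using only the Python standard library and assuming the standard bcrypt layout (`$version$cost$` followed by a 22-character salt and a 31-character digest).

```python
import base64
import re
from typing import NamedTuple

# bcrypt uses its own base64 alphabet; map it onto the standard one to decode.
BCRYPT_B64 = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
STD_B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
_TO_STD = str.maketrans(BCRYPT_B64, STD_B64)

# $<version>$<two-digit cost>$<22-char salt><31-char digest>
_BCRYPT_RE = re.compile(
    r"^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$"
)

# The hash quoted in the reply above.
SAMPLE = "$2a$10$fJ65H/8ihJW40LOI4CAzWuiqp/G.TQs1rzs8RbfiR1avAP9Ty0Tau"


class BcryptFields(NamedTuple):
    version: str      # algorithm revision, e.g. "2a"
    cost: int         # log2 of the key-expansion rounds
    rounds: int       # 2 ** cost
    salt_b64: str     # salt as stored in the hash string
    salt: bytes       # decoded 16-byte salt
    digest_b64: str   # the actual password digest (not reversible)


def _decode(text: str) -> bytes:
    """Decode bcrypt-alphabet base64, adding the padding bcrypt omits."""
    std = text.translate(_TO_STD)
    return base64.b64decode(std + "=" * (-len(std) % 4))


def parse_bcrypt(hash_str: str) -> BcryptFields:
    """Split a bcrypt hash into fields; raise ValueError if malformed."""
    m = _BCRYPT_RE.match(hash_str.strip())
    if m is None:
        raise ValueError("not a well-formed bcrypt hash")
    version, cost, salt_b64, digest_b64 = m.groups()
    cost_i = int(cost)
    if not 4 <= cost_i <= 31:  # range bcrypt accepts for the cost factor
        raise ValueError(f"cost {cost_i} outside 4..31")
    return BcryptFields(version, cost_i, 1 << cost_i,
                        salt_b64, _decode(salt_b64), digest_b64)


if __name__ == "__main__":
    print(parse_bcrypt(SAMPLE))
```

Because the salt is random for every hash, two hashes of the same password have different salt and digest fields, which is why precomputed tables do not apply.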