Change password due to heartbleed bug?

Similar Messages

• Persistent bug in x6250 ELOM - changing password breaks blade

  Has anyone else been dealing with the problem in BMC v 4.0.36 and 4.0.45 where changing the root password from "changeme" (sic) to something else renders the blade unbootable? We've had to replace two blades due to this bug, and support seems not to be actively researching the issue. v.4.0.30 didn't have this problem.

  Well, some good news at last. I think I solve the problem with BL0.
  I loaded an older firmware with load command, at end it yeild the same error about not being able to write the BIOS, but rest of the firmware was loaded. Then I try to load back the actual one ..... and surprise this time the installation finished OK.
  -> version
  SP firmware 2.0.3.6
  SP firmware build number: 36946
  SP firmware date: Mon Sep 15 12:46:49 PDT 2008
  SP filesystem version: 0.1.17
  -> load -source tftp://128.90.43.111/ilom.X6250-2.0.3.6-r38189.pkg
  NOTE: A firmware upgrade will cause the server and ILOM to
        be reset. It is recommended that a clean shutdown of
        the server be done prior to the upgrade procedure.
        An upgrade takes about 6 minutes to complete. ILOM
        will enter a special mode to load new firmware. No
        other tasks can be performed in ILOM until the
        firmware upgrade is complete and ILOM is reset.
  Are you sure you want to load the specified file (y/n)? y
  Do you want to preserve the configuration (y/n)? n
  Firmware update is complete.
  ILOM will now be restarted with the new firmware.
  -> /sbin/reboot
  login as: root
  Using keyboard-interactive authentication.
  Password:
  Access denied
  Using keyboard-interactive authentication.
  Password:
  Sun(TM) Integrated Lights Out Manager
  Version 2.0.3.6
  Copyright 2008 Sun Microsystems, Inc. All rights reserved.
  Use is subject to license terms.
  Warning: password is set to factory default.
  -> version
  SP firmware 2.0.3.6
  SP firmware build number: 38189
  SP firmware date: Thu Oct 16 03:27:04 CST 2008
  SP filesystem version: 0.1.17

• ICloud changes my calendar colors.  I am no longer able to pick my own calendar colors.  This is due to some bug on iCloud.  FIX THIS PROBLEM IMMEDIATELY APPLE!!!  THIS IS RIDICULOUS.  iCloud should not force us to pick calendar colors.

  iCloud changes my calendar colors.  I am no longer able to pick my own calendar colors.  This is due to some bug on iCloud.  FIX THIS PROBLEM IMMEDIATELY APPLE!!!  THIS IS RIDICULOUS.  iCloud should not force us to pick calendar colors.  We should be able to pick our own!!!!!

  Same here, Calender keeps reverting to Purple a color I never ever even picked, screw you iCloud, you continue to annoy me and baffle me with your inadequecies

• My friend changed the language in my apple setting and took english off... i can no longer inputmy password due to it having an accent. What should i do and how should i do it ? all help is appreciated

  My friend changed the language on my phone.... i can no longer input my password due to him taking of the english language,  it is currently in the chinese language and my password has accents in it so i cant access my phone, i dont mind re-storing my phone if required... \whatshout i do and how do i do it ? help is appreciated !

  Hi there,
  You're running an old version of Safari. Before troubleshooting, try updating it to the latest version: 6.0. You can do this by clicking the Apple logo in the top left, then clicking Software update.
  You can also update to the latest version of OS X, 10.8 Mountain Lion, from the Mac App Store for $19.99, which will automatically install Safari 6 as well, but this isn't essential, only reccomended.
  Thanks, let me know if the update helps,
  Nathan

• HT201365 I had to change my email address because I was locked out of my previous address and change my Apple ID password due to the iOS 7 upgrade. Now iCloud will not recognize my new address nor my new password. Everything else on my apple devices accep

  I was forced to change my email address, (was locked out of it). I also was forced to change my Apple password due to the iOS 7 upgrade. Everything on my iPhone and iPad, including iTunes, accepted my new email address change, except iCloud. And because I was forced to change my password, it doesn't recognize my old password or new password either. There is no way I can find to change my email address on iCloud, and so I'm stuck. I cannot delete iCloud account without proper email and password and it still shows my old email and doesn't allow it to be changed.

  If Settings>iCloud is showing your old email address, go to https//appleid.apple.com, click Manage my Apple ID and sign in with your current iCloud ID.  Tap edit next to the primary email account, tap Edit, change it back to your old email address and save the change.  Then edit the name of the account to change it back to your old email address.  You can now use your current password to turn off Find My iPhone on your device, even though it prompts you for the password for your old account ID. Then go to Settings>iCloud, tap Delete Account and choose Delete from My iDevice when prompted (your iCloud data will still be in iCloud).  Next, go back to https//appleid.apple.com and change your primary email address and iCloud ID name back to the way it was.  Now you can go to Settings>iCloud and sign in with your current iCloud ID and password.

• HT201320 Gmail (non)Access on IPhone 4 after changing password on-line

  I changed the password on my Gmail account on-line, due to the Heartbleed Bug (per Google/Gmail instructions), and have changed the password for my gmail on my i phone (4), but it will no longer allow me to receive my gmail on my phone, because it says my password is incorrect. ??? It keeps sending me back to the same page in Settings where I would re-enter my gmail password, which I've done, several times, and rebooted my phone, and still can no longer receive mail on my phone. I can get into my account on-line, using my new password.
  Any suggestions?
  Thanks for any help anyone can provide...

  I Had this problem on my Ipad.  I went to mail, contacts, calendars under settings.  Then I deleted the Gmail account.  Next I added it under add account.  Essentially I reinstalled it there by choosing Google and then filling out all the other specs.  And putting in my new password.  During some parts of this you have to click on done.  Arrow yourself back to see that it is as you want it.  Done!  I had to do this on each of my i pads as well....the ipad mini too. 

• Jython having issue importing weblogic modules for changing passwords

  I am trying to import some WLST modules into a Jython script as outline in the documentation at http://e-docs.bea.com/wls/docs92/config_scripting/config_WLS.html#wp1019971
  The strange thing is that it says it is a WLST script, but it appears to be a Jython script. I tried performing this import using WLST interactive mode, but this did not work.
  I am passing the passwords as encrypted strings while using the encrypt() function
  Here is the script:
  import sys
  from weblogic.management.security.authentication import UserPasswordEditorMBean
  #To be invoked by java -cp /usr/local/bea/wlserver_10.0/common/lib/jython.jar org.python.util.jython
  #usage: wlst.sh ResetWLPassword.py <current_pass> <user> <new_pass> <adminServerURL>
  #{3DES}/asdfadsf== -
  #{3DES}asdfafdsadsf== -
  myPass = sys.argv[1]
  myUser = sys.argv[2]
  newPass = sys.argv[3]
  adminServerURL = sys.argv[4]
  #Connect
  try:
  connect('weblogic',myPass,adminServerURL)
  except:
  print "Could not connect using supplied credentials"
  dumpStack()
  try:
  print "Changing password ..."
  atnr=cmo.getSecurityConfiguration().getDefaultRealm().lookupAuthenticationProvider("DefaultAuthenticator")
  atnr.changeUserPassword(myUser,myuser,newPass)
  print "Changed password successfully"
  except:
  print "Password change failed"
  dumpStack()
  I am receiving the following error message:
  java -cp /usr/local/bea/wlserver_10.0/common/lib/jython.jar org.python.util.jython /tmp/ResetWLPassword.py "{3DES}/adsfadsfadsf==" weblogic "{3DES}asdfadsfasd== " t3://localhost:7003
  sys-package-mgr: can't create package cache dir, '/usr/local/bea/wlserver_10.0/common/lib/cachedir/packages'
  Traceback (innermost last):
  File "/tmp/ResetWLPassword.py", line 2, in ?
  ImportError: No module named management

  blumo wrote:
  You are calling org.python.util.jython again instead of weblogic.WLST like I advised in my first post. Invoke WLST (not jython) and pass your values in cleartext. Like I said in my previous post, I was able to execute your script without issue when calling WLST and passing cleartext values (I did have to modify one line to due a bug in your script -- see my prior posts).This seems to work in terms of getting the code to run, but there is still a problem with passing the arguments to the changeUserPassword() method.
  I entered the sequence of commands in the script manually into WLST and it works without issue. It even works without the import, which is strange that Oracle includes it in their documentation.
  I am going to post the code here, perhaps there is something wrong syntax-wise with the way I am authenticating, but I can't put my finger on it.
  import sys
  from weblogic.management.security.authentication import UserPasswordEditorMBean
  myPass = sys.argv[1]
  myUser = sys.argv[2]
  newPass = sys.argv[3]
  adminServerURL = sys.argv[4]
  #Connect
  try:
  connect(myUser,myPass,adminServerURL)
  except:
  print "Could not connect using supplied credentials"
  dumpStack()
  try:
  print "Changing password ..."
  atnr=cmo.getSecurityConfiguration().getDefaultRealm().lookupAuthenticationProvider("DefaultAuthenticator")
  #atnr.changeUserPassword('weblogic','weblogic','12345678')
  atnr.changeUserPassword(myUser,myPass,newPass)
  print "Changed password successfully"
  except:
  print "Password change failed"
  dumpStack()
  throws:
  Connecting to t3://localhost:7003 with userid weblogic ...
  This Exception occurred at Mon Feb 23 11:50:18 PST 2009.
  javax.naming.AuthenticationException [Root exception is java.lang.SecurityException: User: weblogic, failed to be authenticated.]
       at weblogic.jndi.internal.ExceptionTranslator.toNamingException(ExceptionTranslator.java:42)
       at weblogic.jndi.WLInitialContextFactoryDelegate.toNamingException(WLInitialContextFactoryDelegate.java:773)
       at weblogic.jndi.WLInitialContextFactoryDelegate.pushSubject(WLInitialContextFactoryDelegate.java:670)
       at weblogic.jndi.WLInitialContextFactoryDelegate.newContext(WLInitialContextFactoryDelegate.java:466)
       at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:373)
       at weblogic.jndi.Environment.getContext(Environment.java:307)
       at weblogic.jndi.Environment.getContext(Environment.java:277)
       at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:117)
       at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
       at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
       at javax.naming.InitialContext.init(InitialContext.java:223)
       at javax.naming.InitialContext.<init>(InitialContext.java:197)
       at weblogic.management.scripting.WLSTHelper.populateInitialContext(WLSTHelper.java:498)
       at weblogic.management.scripting.WLSTHelper.initDeprecatedConnection(WLSTHelper.java:551)
       at weblogic.management.scripting.WLSTHelper.initConnections(WLSTHelper.java:303)
       at weblogic.management.scripting.WLSTHelper.connect(WLSTHelper.java:201)
       at weblogic.management.scripting.WLScriptContext.connect(WLScriptContext.java:60)
       at weblogic.management.scripting.utils.WLSTUtil.initializeOnlineWLST(WLSTUtil.java:121)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at org.python.core.PyReflectedFunction.__call__(PyReflectedFunction.java:160)
       at org.python.core.PyMethod.__call__(PyMethod.java:96)
       at org.python.core.PyObject.__call__(PyObject.java:248)
       at org.python.core.PyObject.invoke(PyObject.java:2016)
       at org.python.pycode._pyx6.connect$1(<iostream>:16)
       at org.python.pycode._pyx6.call_function(<iostream>)
       at org.python.core.PyTableCode.call(PyTableCode.java:208)
       at org.python.core.PyTableCode.call(PyTableCode.java:404)
       at org.python.core.PyTableCode.call(PyTableCode.java:287)
       at org.python.core.PyFunction.__call__(PyFunction.java:179)
       at org.python.pycode._pyx18.f$0(/tmp/ResetWLPassword.py:20)
       at org.python.pycode._pyx18.call_function(/tmp/ResetWLPassword.py)
       at org.python.core.PyTableCode.call(PyTableCode.java:208)
       at org.python.core.PyCode.call(PyCode.java:14)
       at org.python.core.Py.runCode(Py.java:1135)
       at org.python.util.PythonInterpreter.execfile(PythonInterpreter.java:167)
       at weblogic.management.scripting.WLST.main(WLST.java:106)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at weblogic.WLST.main(WLST.java:29)
  Caused by: java.lang.SecurityException: User: weblogic, failed to be authenticated.
       at weblogic.common.internal.RMIBootServiceImpl.authenticate(RMIBootServiceImpl.java:116)
       at weblogic.common.internal.RMIBootServiceImpl_WLSkel.invoke(Unknown Source)
       at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:589)
       at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:479)
       at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
       at weblogic.security.service.SecurityManager.runAs(Unknown Source)
       at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:475)
       at weblogic.rmi.internal.BasicServerRef.access$300(BasicServerRef.java:59)
       at weblogic.rmi.internal.BasicServerRef$BasicExecuteRequest.run(BasicServerRef.java:1016)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:200)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:172)
  Could not connect using supplied credentials
  Changing password ...
  Password change failed

• What should Mac users do about the Heartbleed bug?

  I've been reading about this new Heartbleed bug where you should change all your passwords. It seems these days that quite frequently something like this appears, and the first thing they tell you is to change all your passwords. I would just like to know from someone who knows what they are talking about how Mac devices are affected by Heartbleed. do I need to make a mad dash to change all my passwords?

  The short answer to your first question is - if you're worried, change your password. Better safe than sorry. If it's just a few sites, it shouldn't be too onerous a task, hopefully.
  Gaining access to one site does not allow an intruder to access other sites.
  When you say "log into" Youtube or Google - just to clarify:
  - If you use your web browser to go to youtube.com, and view videos, or you go to google.com, and do a search for something, technically you're not logging in. You're just visiting. This poses no risk to you.
  - However, if you go to youtube.com, or google.com, and click "Sign in", and enter a user name (usually an email address) and password, then you're logging in, and your password and other information may be at risk.
  When you visit Google, look at the very top of the screen. If you see your name there, you're signed in, and you DO have a Google account. If you don't, you're not signed in, and from what you say, you probably don't have a Google account.
  The only way that email might be affected is if you regularly access your email through the web (ie, you log onto http://comcast.net), and your mail host (Comcast) tells you that they were susceptible to Heartbleed. Accessing mail through a mail application (the Mail app on your Mac, for example) is not affected by this issue. It's really all about websites. Most applications, such as iTunes, are not affected. (I say "most" because some may have used OpenSSL to access services, or are linked to sites which use OpenSSL - such as Dropbox.)
  Matt

• Is there a fix for the Heartbleed bug for iMac, iPad, iPod?

  I just read an article that Google has come out with a fix for PC users to download so they will not be affected by the Heartbleed bug.  I was wondering if Apple has come out with a security fix of their own yet?  

  MsAnnieB2 wrote:
  I just read an article that Google has come out with a fix for PC users to download so they will not be affected by the Heartbleed bug.
  I've searched for this on Google, but have not found anything. Can you tell me more? If they have found a solution for PC's then there is a good chance it can be made to work with Macs.
  I was wondering if Apple has come out with a security fix of their own yet?  
  Although the information you were given is the best available at this time, it really don't feel it adequately answered your question.
  As far as I have been able to find out, all computer users are equally impacted by this issue and there is no way to protect yourself other than to stay off of secure sites until they have told you they are safe. Don't even go onto those sites to change your password until you know that they are safe.

• Heartbleed bug and Mavrick

  Are there vulnerabilities from the Heartbleed bug using Mavrick?

  charliefrommi wrote:
  How can one know whether or not a server is secure?
  There are a number of testing tools available and websites that list the current status of the major websites. C|net is one of them. Security experts say you should change your password for any affected site only AFTER they have patched their servers. Doing so before the site is updated doesn't prevent anything.
  http://www.cnet.com/how-to/which-sites-have-patched-the-heartbleed-bug/

• HT6162 does update cover the 'Heartbleed' bug?

  does the recent update for IOS include the open SSL fix for the heartbleed bug?

  Joe_depo wrote:
  does the recent update for IOS include the open SSL fix for the heartbleed bug?
  As others have said, nothing can be fixed on your end. You need to stay off of secure sites where you post privacy information until they have told you it's safe to use. If they tell you they fixed the problem then you need to change your password then, but not before it's fixed.

• TS3899 Changed Yahoomail password and have tried to change it on IPad mini.  Changes, verivies, but go back to that accoundt and old password is there.  Mail being received but account was hacked from my Ipad or phone.  How do I change password permanentl

  Changed Yahoo email password due to being hacked, I think.  Tried changing of Ipad mini but reverts to old password when go to account settings again.  Tried deleting and adding mail account anew, but same deal.  How do I get password to permanently change.

  Sign out of old ID and sign in with new.
  Settings>iTunes and App Store>Apple ID

• Using Jackrabbit User Manager programmatically for changing passwords and getting user data.

  I am trying to do a change password request using the Jackrabbit User Manager with the REST URL /system/userManager/user/<username>.changePassword.json.  The problem I am having is that this request requires an oldPwd form param in the request.  The issue is that when I am trying to do this request it is in response to the user selecting "Forgot Password" so our logic has created a random password which we then email to the user so they can use that the next time they want to login.  We need to change that user's password in CRX so they can log in using it next time.  Since they haven't logged in there is no session, NOT the problem.  THE PROBLEMS, I don't know 1. how to use the userManager to get that user's old password, since /system/userManager/user/<username>.json doesn't appear to return the password and 2. if I could get the old password it most certainly will be encoded, some how, so I will need some decoding algorithm to pass it through in order to get the actual password to set as the oldPwd form param to my change password request.  Please let me know if you require any further explanation.  Any assistance would be greatly appreciated.  Thank you, in advance, for your assistance.
  Sincerely,
  Mike Sucena
  [email protected]

  Hi Mike,
  msucena wrote:
  Justin:
  Does your response mean that until version 2.1.2 of Jackrabbit User Manager is released I cannot change the password without knowing the old password?
  No. It means that this feature is not available in version 2.1.0 of the Sling Jackrabbit User Manager bundle. It was added after that release. You have a number of options:
  Build the bundle from source.
  Use one of the SNAPSHOT bundles available from the Apache Snapshots repository.
  Use the release which is being voted upon now (https://repository.apache.org/content/repositories/orgapachesling-175/org/apache/sling/org .apache.sling.jcr.jackrabbit.usermanager/2.2.0/). (Note - we decided to use 2.2.0 as the version number rather than 2.1.2 as originally planned due to the scope of this release).
  Write a different servlet which performs the same actions.
  Meaning that being able to use either the credentials of the "Admin" user or using the credentials of a member of the "UserAdmin" group is not supported in the current released version 2.1.0?
  Correct. It was added after the 2.1.0 release.
    If I currently need the old password is there any Sling REST - Jackrabbit API call I can use in order to get the old password since using /system/userManager/user/<username>.json doesn't appear to return the password?
  -Mike
  The plain text password is not stored. And this should be considered a good thing.
  If you have questions about the development process we follow in Sling (or at Apache as a whole), by all means ask on the Sling users mailing list. It is reasonably well-established and we love to talk about it.

• Password for a new bug tracker user

  I installed bug tracker and it works fine. When I created a user I didn't find where to provide/change password. When I got login screen and type new user name, I don't know what is the password. How to set password for the new user in bug tracker?

  It means that you can copy and paste an encrypted password from configuration file. Of course, passwords are encrypted if password-encryption service is enabled. Otherwise passwords are stored in plaintext in configuration files.

• How to preserve recently changed passwords during a RPD promotion/overwrite

  Hi All,
  1. We are using BIEE built-in authentication (passwords are stored in RPD file);
  2. Users are allowed to change their passwords at any time;
  3. Other than PD, we also have a DEV and a QA environements where we fix bugs and do minor enhancements;
  the questions is: How can we promote the new RPD file (from QA to PD environment) once it passes testing? If we simply overwrite the RPD file in PD environment, then recently changed passwords (the ones changed & stored in the new RPD file) will be lost. it seems we need to do a merge or something, but we wonder what the Oracle recommended solution is.
  It'd be greatly appreciated if some expert can shine some light on this issue. Thanks!!
  - D

  Yes, great questions.
  I have always used the merge process which is the base of the Obiee software configuration and I never had problem of security.
  As the multi-user environment is based on this process, you normally shouldn't have any problem.
  Do a test before and good backup before migration.
  Success
  Nico
  Below an extract of my notes :
  By default, the Oracle BI repository development environment is not set up for multiple users. However, online editing makes it possible for multiple developers to work simultaneously, though this may not be an efficient methodology, and can result in conflicts, because developers can potentially overwrite each other's work.
  To develop a repository in a concurrent version environment, you have two choices :
  * first of all, you can send the repository to the developer, keep a copy, retrieve it after modification and perform an Merge Repository
  http://gerardnico.com/wiki/dat/obiee/bi_server/obiee_repository_merge
  * second, you can set up a multiuser environment (MUD) which use the notion of Projects to split the work area. It would permit developers to modify a repository simultaneously and then check in changes.
  http://gerardnico.com/wiki/dat/obiee/bi_server/multiuser_environment
  The import option which permit to import a subset of a repository to an other repository, work but is deprecated.