Jump to content
The Dark Mod Forums
Sign in to follow this  
esme

TTLG - anyone having trouble geting in ?

Recommended Posts

Just tried looking at TTLG & got the following error

Database Error: SQLSTATE[HY000] [1862] Your password has expired. To log in you must change it using a client that supports expired passwords.

I get this on 2 different browsers

 

Removed all saved passwords and cookies & still get it

 

Anyone else having an issue or is it just me ?

Share this post


Link to post
Share on other sites

are you using google based browsers, they've introduced a system where if a site isn't protected by certain expensive SSL certificates they are going to block access to password protected areas on those sites.

  • Like 1

Share this post


Link to post
Share on other sites

are you using google based browsers, they've introduced a system where if a site isn't protected by certain expensive SSL certificates they are going to block access to password protected areas on those sites.

 

I accessed it with Google Chrome just fine. Was able to login too.

Share this post


Link to post
Share on other sites

I think it was a database connectionerror on ttlg-forum's side.

 

The password it mentioned, is NOT about your password, but the account what the webserver uses to connect to ttlg mysql database, esme. (error 1862)

Edited by freyk

Share this post


Link to post
Share on other sites

Lately there's been a lot of exposure about the vulnerabilities in google chrome over http. Now it's public it means stuff has to be done about it.

 

Can see instantly that TTLG is http only (you'll notice in chrome that there is a broken padlock in the URL bar).

What Stumpy is saying is right (it's a conspiracy!), and Freyk's also correct that it is a server-side error thanks to google's security updates.

Probably TTLG will need to update some php or mysql as it appears as if you're getting the error because mysql is restricting you to sandbox mode or the client (your chrome browser) is connecting to the server via scripts.

It's pretty old, by the looks of things...


80/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP) <---win server 2008 / microsoft iis7.0

Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

Since it's a win home server and on http, it's potentially a very soft target.
Uses ascii string for passwords and html encoding for special characters in that field. Usernames are on the forum...

Probably TTLG could fix the issue by changing password expiration.


SET GLOBAL default_password_lifetime = 0;

So that all user's passwords do not expire, whether they connect via scripts or not.

Or the admin could migrate everything to something such as freeBDS, but they've always been windows server forever - also there's a loootttt of data over the past 21 years at that place.

Best course of action would be to use a different browser (eg firefox) and mail the admin with the issue so that it can be resolved, I'd guess.
http://www.ttlg.com/forums/sendmessage.php


I'd recommend migration, as the server has no SSL cypher mapping, however the f= parameter means it is an unlikely target for sql injection "practice".
But it is a windows server and it's vbulliten 4.2.3.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

×
×
  • Create New...