TTLG - anyone having trouble geting in ?

[esme]

Just tried looking at TTLG & got the following error

Database Error: SQLSTATE[HY000] [1862] Your password has expired. To log in you must change it using a client that supports expired passwords.

I get this on 2 different browsers

 

Removed all saved passwords and cookies & still get it

 

Anyone else having an issue or is it just me ?

[stumpy]

are you using google based browsers, they've introduced a system where if a site isn't protected by certain expensive SSL certificates they are going to block access to password protected areas on those sites.

[jaxa]

are you using google based browsers, they've introduced a system where if a site isn't protected by certain expensive SSL certificates they are going to block access to password protected areas on those sites.

 

I accessed it with Google Chrome just fine. Was able to login too.

[freyk]

I think it was a database connectionerror on ttlg-forum's side.

 

The password it mentioned, is NOT about your password, but the account what the webserver uses to connect to ttlg mysql database, esme. (error 1862)

Edited December 20, 2017 by freyk

[teh_saccade]

Lately there's been a lot of exposure about the vulnerabilities in google chrome over http. Now it's public it means stuff has to be done about it.

 

Can see instantly that TTLG is http only (you'll notice in chrome that there is a broken padlock in the URL bar).

What Stumpy is saying is right (it's a conspiracy!), and Freyk's also correct that it is a server-side error thanks to google's security updates.

Probably TTLG will need to update some php or mysql as it appears as if you're getting the error because mysql is restricting you to sandbox mode or the client (your chrome browser) is connecting to the server via scripts.

It's pretty old, by the looks of things...

80/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP) <---win server 2008 / microsoft iis7.0

Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

Since it's a win home server and on http, it's potentially a very soft target.
Uses ascii string for passwords and html encoding for special characters in that field. Usernames are on the forum...

Probably TTLG could fix the issue by changing password expiration.

SET GLOBAL default_password_lifetime = 0;

So that all user's passwords do not expire, whether they connect via scripts or not.

Or the admin could migrate everything to something such as freeBDS, but they've always been windows server forever - also there's a loootttt of data over the past 21 years at that place.

Best course of action would be to use a different browser (eg firefox) and mail the admin with the issue so that it can be resolved, I'd guess.
http://www.ttlg.com/forums/sendmessage.php


I'd recommend migration, as the server has no SSL cypher mapping, however the f= parameter means it is an unlikely target for sql injection "practice".
But it is a windows server and it's vbulliten 4.2.3.

[Oktokolo]

Some site stops working because of a server-side database connectivity issue and people start blaming some browser. I better go back to the nazi thread...

[esme]

I'm back in, looks like it was their database pw like freyk said, thanks