Stuck password with 2.0.19993

  • @RoiEX said in Stuck password with 2.0.19993:

    If you want to go the manual route (assuming you're using windows), pleaso download this zip and unzip it:
    It contains a file you should be able to double click, and confirm a dialog that pops up.
    This should remove any stored A&A Forum password altogether.

    If you think the "remember password" feature doesn't work all for you you can consider submitting a bug report:
    Maybe there's a real bug involved somewhere, but I find this unlikely since we haven't touched this mechanism in a while now and nobody had any notable issues with it. (At least none were reported)

    Thanks! I'll try it.

  • I did this. The old password didn't pop up. Looked promising. Closed down the client and started it again. And there it is. Same as with Jim. Didn't work, sorry.

  • Admin

    @Jim-Parker Can you test this scenario for me?

    1. Clear out the password manually again.
    2. Start the Game and Set the password
    3. Copy the saved encrypted password somewhere
    4. Restart the Game
    5. Check if the encrypted password stored changed.

    My suspicion is that we might have an error in the decryption algorithm on Linux systems

  • @RoiEX said in Stuck password with 2.0.19993:

    My suspicion is that we might have an error in the decryption algorithm on Linux systems

    I use Windows.

  • @RoiEX
    Ok, I tried the test you provided and got weird results...

    My AAA forum password was magically repopulated the first time as described before. But when I cleared it again and restarted the game, my username repopulated the field, but the password was blank. That's strange, but more interesting was the password hashes in the prefs.xml

    the first time through I had a A&A and TripleA forum username and password. The second time
    The A&A username and password were different from first time. The TripleA username was identical, but no password entry existed, which seems to indicate the dialog is pulling data from TripleA to fill A&A forum info.

    Actual hashes below:

    First time hashes

    <entry key="A&amp;A_FORUM_PASSWORD" value="[redacted]Eg==.Ky/owSzgty5nCkT03Y0TgA=="/>
    <entry key="A&amp;A_FORUM_USERNAME" value="[redacted]Rg==.Q0aH/UCxk8PmFr4YVwoCiA=="/>
    <entry key="TRIPLEA_FORUM_PASSWORD" value="[redacted]kw==.rZYIYfRTCuz50R8RB0uYhw=="/>
    <entry key="TRIPLEA_FORUM_USERNAME" value="[redacted]lA==.vggx546emjUyX3EzfVJrVA=="/>

    Second time hash:

    <entry key="A&amp;A_FORUM_PASSWORD" value="[redacted]Uw==.xFgiuzMUo13j3CE9Z3m1PQ=="/>
    <entry key="A&amp;A_FORUM_USERNAME" value="[redacted]ZA==.LduQLFVWk9UyngFBJIl7nQ=="/>
    <entry key="TRIPLEA_FORUM_USERNAME" value="[redacted]lA==.vggx546emjUyX3EzfVJrVA=="/>

  • I've installed 2.0.20036. No change.

  • Moderators Admin

    Has this been resolved? I am getting notifications about similar errors on A&A .org.

  • Admin

    I haven't looked into it so far, but it sure looks like this is a common issue, so definitely worth creating a github issue

  • Moderators Admin

  • Admin

    So I did some digging and I have identified a potential error source.

    @Jim-Parker Could you check .userPrefs/games/strategy/security/prefs.xml for me and check if that changes as well?
    If it does this would already explain a lot, but not everything. If it doesn't I'll have to check elsewhere.
    Do NOT post the contents of this file here, it contains the password used to encrypt the passwords. Also I redacted them in your previous post, just to feel a little bit safer.

  • @RoiEX Nope. ./security/prefs.xml did not change.

  • @RoiEX Thanks for fixing my naive post of passwords.

  • Admin

    Ok, next set of questions:

    .userPrefs/games/strategy/security/prefs.xml has a fixed property called DEFAULT_CREDENTIAL_MANAGER_MASTER_PASSWORD right? I just want to make sure it actually saves the key it encrypts the passwords with.

    When you're just looking at your engine preferences: The username you configured along with the password. Does it change as well? Or is it the same username you entered in the first place?

    If it does indeed change: When does it change? After closing and reopening the game/window/tab, something else?

  • Admin


    Thanks for fixing my naive post of passwords.

    If that helps: I'm "currently working" (read as "I should finish this little project soon but haven't proceeded so far") on a small change to the system so we no longer store real passwords, just encrypted Login Tokens that can be revoked and re-created at any time.

    I doubt that this planned change will fix the issue you're currently experiencing, but if all attempts to nail the problem down fail that would be an option as well.

  • Yes. security/prefs.xml does have a property DEFAULT_CREDENTIAL_MANAGER_MASTER_PASSWORD.

    If I open engine preferences, I see my username and -- a 10-character password!! However, whenever I open a game it loads my username and an 8-character password...
    If I load a game, and then post and quit. I still see my username in the Engine preferences, and a 10-character password. HTH.

  • Admin

    The 8 character password on the UI is a dummy value, the back-end still has your original password. The problem is that there is a case where the front-end sends the dummy password to the back-end which is only supposed to happen when you are actually typing a legitimate password. The backend then dutifully stores the dummy password value.

    This update fixes the problem:

  • @LaFayette Yea!!! That works! Thank you.

Log in to reply