Hi,

Recently I have discovered a flaw in the admin passswords to login to MM5.

My old password was something like:

AA11BH12 (not the actual one, but you get the idea)

I then changed it to something like:

AA11BH121234 (In other words appended 4 digits to the end)

I wanted to do this so all our staff login with the same password, but appended with their own 4 digit code.

However I can now login using BOTH of the above pass words.
Eg:
Password AA11BH12 or AA11BH121234 works.

This seems to be a bit of a flaw! Has any one else experienced this problem.

Also: My store has 4 administrators and 1 manger (Me). But it appears that my administrators can change other administrators passwords, which seems to defeat the object of high security. Is there a way to stop them being able to do this?

Regards

Jake Herbert

This has unfortunately always been the case with Miva Merchant; only the first 8 characters in the password are used. It may be due to the length of the password hash field as stored in the users database.

On the other question, no, admins can change each other's passwords, just like admins on most operating systems, etc. If someone should not have administrator access, then create them as a regular user and assign them either as a store manager or define a "group" within each storefront they need access to where you then define the specific rights they need to have and make the person a member of that group; then they can do everything they need while not being able to change admin passwords.

Thanks!

Only been using Miva 6 years and never new about groups. Doh!

Much better system. Thank you.

Thanks!