/ Sitecore

Sitecore Admin Password Hacks

The presented hack expects you to have access to the SQL core db. I didn’t use this a lot before exploring Sitecore 9 that’s when I realized to make this post. The default password for sitecore\Admin is not b anymore with the new installation 9.0+ the password is auto generated at the end of install. It will be prompted which I failed to copy. If it throws an error at the end that’s common, which will not display the generated password. I faced both the scenarios.

Tip: Sql access details can be found from the connection string config file
Docker SQL connection use 127.0.0.1,1433 (1433 default port)

Execute at your own risk. I have had success with this approach. Connect to the core database and execute the needed script. The following options are available

Reset Password
This will default the password to b

UPDATE aspnet_Membership
SET Password='qOvF8m8F2IcWMvfOBjJYHmfLABc=',
PasswordSalt='OM5gu45RQuJ76itRvkSPFw==',
IsLockedOut = 0,
FailedPasswordAttemptCount = 0
WHERE UserId IN (SELECT UserId FROM aspnet_Users WHERE UserName = 'sitecore\Admin')

Reset Password with Email Recovery(9+ only)
This will help you setup email recovery with password reset

UPDATE aspnet_Membership
SET Password='qOvF8m8F2IcWMvfOBjJYHmfLABc=',
PasswordSalt='OM5gu45RQuJ76itRvkSPFw==',
IsLockedOut = 0,
FailedPasswordAttemptCount = 0,
Email='test@gmail.com',
LoweredEmail = 'test@gmail.com'
WHERE UserId IN (SELECT UserId FROM aspnet_Users WHERE UserName = 'sitecore\Admin')

Unlock Admin User
If you know the password but just need to unlock. I had this situation when Coveo had the wrong password and was trying to login with the old password, that would locak the account.

UPDATE aspnet_Membership
SET IsLockedOut = 0,
FailedPasswordAttemptCount = 0
WHERE UserId IN (SELECT UserId FROM aspnet_Users WHERE UserName = 'sitecore\Admin')

Photo by Jason Dent on Unsplash