XF 1.5 Log-In Error. Makes password visible?!

cayne

For the past couple of hours, the error log has been filling up with this error:

ErrorException: unserialize(): Error at offset 16 of 15 bytes - library/XenForo/Authentication/Core12.php:24
#0 [internal function]: XenForo_Application::handlePhpError(8, 'unserialize():

The hosting company is currently trying to figure out what caused this error.

The weird thing is that it seems like the error-log contains the password of the user in plaintext. I feel like that should never happen. If anybody has an idea what might have caused this, please let me know - also if you need more information from my end.
 
I am, but I haven't changed anything. This is the full log:

stack trace:
#0 [internal function]: XenForo_Application::handlePhpError(8, 'unserialize(): ...', '/www/forum...', 24, Array)
#1 /www/forum/library/XenForo/Authentication/Core12.php(24): unserialize('a:1:{s:4:"hash"')
#2 /www/forum/library/XenForo/Model/User.php(1300): XenForo_Authentication_Core12->setData('a:1:{s:4:"hash"')
#3 /www/forum/library/XenForo/Model/User.php(1322): XenForo_Model_User->getUserAuthenticationObjectByUserId(278135)
#4 /www/forum/library/XenForo/ControllerPublic/Login.php(109): XenForo_Model_User->validateAuthentication('tuffy05', 'pwd in plain text', NULL)
#5 /www/forum/library/XenForo/FrontController.php(351): XenForo_ControllerPublic_Login->actionLogin()
#6 /www/forum/library/XenForo/FrontController.php(134): XenForo_FrontController->dispatch(Object(XenForo_RouteMatch))
#7 /www/forum/index.php(13): XenForo_FrontController->run()
#8 {main}

request state:
array(3) {
["url"] => string(43) "index.php?login/login"
["_GET"] => array(1) {
["login/login"] => string(0) ""
}
["_POST"] => array(6) {
["login"] => string(7) "tuffy05"
["register"] => string(1) "0"
["password"] => string(8) "********"
["cookie_check"] => string(1) "1"
["redirect"] => string(38) "/index.php?forums/"
["_xfToken"] => string(8) "********"
}
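The trace above exposes data through the call arguments of its frames (#1, #2 and #4), while the request state dump already masks the `password` field. The following Python script is an added example, not part of the thread and not XenForo code: it masks the string arguments of those calls before a log is stored or shared. The `SENSITIVE_CALLS` set and the sample user and password are assumptions of this example.

```python
import re

# Calls whose arguments carry a password or stored auth data. The names come from
# the trace in the post; treating exactly these as sensitive is an assumption.
SENSITIVE_CALLS = {"validateAuthentication", "setData", "unserialize"}

# One PHP trace frame: "#4 /path/File.php(109): Class->method(args)"
FRAME = re.compile(r"^(#\d+ .+?: (?:[\w\\]+(?:->|::))?(\w+)\()(.*)\)$")
# A single-quoted string argument as PHP prints it in a trace
QUOTED = re.compile(r"'(?:[^'\\]|\\.)*'")


def redact_line(line):
    """Return (clean_line, n): string args of sensitive calls masked, n = how many."""
    m = FRAME.match(line.rstrip())
    if not m or m.group(2) not in SENSITIVE_CALLS:
        return line, 0
    args, n = QUOTED.subn("'[redacted]'", m.group(3))
    return f"{m.group(1)}{args})", n


def redact_log(text):
    """Redact a whole log; return (clean_text, labels of frames that exposed data)."""
    out, leaks = [], []
    for line in text.splitlines():
        clean, n = redact_line(line)
        if n:
            leaks.append(line.split(" ", 1)[0])
        out.append(clean)
    return "\n".join(out), leaks


# Constructed sample modelled on the trace format above; user and password are made up.
SAMPLE = """\
#0 [internal function]: XenForo_Application::handlePhpError(8, 'unserialize(): ...', '/www/forum...', 24, Array)
#1 /www/forum/library/XenForo/Authentication/Core12.php(24): unserialize('a:1:{s:4:"hash"')
#4 /www/forum/library/XenForo/ControllerPublic/Login.php(109): XenForo_Model_User->validateAuthentication('exampleuser', 'Example-Pass1', NULL)
#5 /www/forum/library/XenForo/FrontController.php(351): XenForo_ControllerPublic_Login->actionLogin()"""

if __name__ == "__main__":
    clean, leaks = redact_log(SAMPLE)
    print(clean)
    print("frames that exposed data:", leaks)
```

The list of frame labels returned by `redact_log` doubles as a check: a non-empty list means the original log held credential or auth data and should be treated accordingly.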
 
How are you or your host getting on with working out why this happened? There's zero expectation that this would ever happen, so that's the priority here, first and foremost.

If you need any help looking into this, please submit a ticket from your customer area and please provide, at minimum, access to the database. Ideally, we'd need access to the Admin CP too.
 
I'm on a fully managed system, they don't tell me every step they take... The ticket is currently open, but in progress.

I'll submit a ticket, not sure if I can get you access to the database, but admin should be possible.
 
Database will be the most significant thing. We need to ascertain what data is in the authentication data field and try and get some idea of a) how it happened and b) how to resolve it.

It's potentially a bug, or some other data corruption that I fear your host may not be able to resolve unless they're technically familiar with XenForo.
 