Today, we are going to fix some of the login issues encountered while trying to login to a website.
Did you tried login in to your profile on any portal or website and you received an error message that is stopping you from login in?
Where you locked out of your Profile while you tried to access your details on a particular website and a login details was shown to you?
If for one reason or the other you receive that error shown in the Image Above are unable to login to any website, we are going to show you ways in which you can fix that problem and be able to login successfully.
Let’s start by listing some of the problems that may be stopping one from login in to his or her account.
- Server or Database Error
- Invalid Username or Email Address
- Invalid or Incorrect Password
The login problems listed above are the major ones that people do experience while trying to login to any website or portal.
We are going to analyse each of those problems and know how to tackle it.
Problem 1: Server Error or Database Error
We made Sever or database error the first problem because this issues are not caused due to invalid login details such as wrong username or wrong password.
This problem is encountered when a website or portal is undergoing maintenance or changes in the system which usually comes with the login system being disabled.
If you received any error message containing some lines or strings of code that you can’t interpret, then the website is having a server or database error that is stopping users from accessing they details.
So, If this type of error occurs, then it wasn’t because you entered a wrong username or password, in which case you will have to try again later.
But if the error message contains a username or password type of thing, refer to problem 2 and 3 below.
Problem 2: Incorrect Username or Email Address.
This error comes up when one tries to login with a username or email address that does not exist in the Database of the portal you are trying to login to.
In another way, it means the Username or Email address was not registered for ant profile in the system.
How to Fix Incorrect Username or Email Address Issue
- Check that you entered the correct email address or username you are trying to login with before trying to login again.
- If you are not sure if it’s the correct email address or username, login to your email address and search for activation message from the website you are trying to login to and see if the message was actually sent to that email address.
- If it was sent to the email address, check if a username was included in the Email address as that will be the correct Username.
- If you an activation message in your mail box when you logged in, then the email address is correct OK which case the login error or problem may be with the password you are trying to login with.
Problem 3: Invalid Password or incorrect password
This occurs when the password you are using to login to a particular account is not matching with what is in the system.
A login will be successful if a username is entered and a password created for that username is also entered correctly.
An error will occur if the wrong password is entered while trying to accessing a particular profile on a database.
How to fix Wrong or Incorrect Password
Some website sends both the username and password to the registered email address during Sign Up.
- So Login to either your gmail or yahoo mail email address and search for login details with the name of the website you are trying to login with. Example: Facebook login details or Twitter login details.
- Check if a message containing the username and password was sent to your email address.
- If the message exist, copy the password there and login with it.
- If there is no such message containing the correct username and password, then you are going to do a password reset.
How To Do A Password Reset
If you don’t have your password, you can quickly do a password reset it a change if password even when you don’t have the previous password.
- Look down below the login page and locate a link with “Forgot Password?” or similar writing bearing sane message.
- Click on that link and you will be required to supply your correct email address used while you registered on the website.
- Enter the Email Address and click Reset it Send me new password as the case may be.
- A new link will be sent to your email address that will enable you change your password.
- Click on that link and you will two box.
- The first Box is where you will enter a New Password.
- The second password is where you will confirm or repeat the password you entered in the the box.
- Enter the details above and click on Change Password or any Call to action button that is below the boxes.
Boom! You password has been changed to the new one you just entered.
Visit the login page and login with the newly created password.
#43037
closed
defect (bug)
(fixed)
| Reported by: |
|
Owned by: |
SergeyBiryukov |
|---|---|---|---|
| Milestone: | 5.3 | Priority: | normal |
| Severity: | normal | Version: | 2.8 |
| Component: | Login and Registration | Keywords: | has-screenshots has-patch has-copy-review |
| Focuses: | ui, accessibility | Cc: |
Error messages should always clearly describe the error to allow users determine what is wrong. This is also a WCAG requirement, as recently pointed out in #42985.
When entering an invalid username (or email), the returned error message is Invalid username. Lost your password? (or invalid email address), with a link pointing to the retrieve password page:
While this link makes perfectly sense when users enter a wrong password, it doesn’t when they enter a wrong username. The error is a wrong username, why I should ever be offered a link to retrieve my password?
Introduced 9 years ago in [10960] see #9442, and then duplicated for the email login in [36617] see #9568.
логи все перерыл ничего такого нет )) куда копать?? сброс пароля не работает , хотя от крона приходят на почту сообщения
sudo /usr/local/vesta/bin/v-update-sys-queue traffic
/bin/sh: 1: sudo: not found
система
Distributor ID: Debian
Description: Debian GNU/Linux 7.2 (wheezy)
Release: 7.2
Codename: wheezy
иногда вместо Invalid username or password
выскакивает .NO LANGUAGE DEFINED
в логах nginx-error.log
013/10/15 03:07:59 [error] 2371#0: *2 FastCGI sent in stderr: «PHP message: PHP Notice: Undefined index: language in /usr/local/vesta/web/inc/main.php on line 23» while reading response header from upstream, client: 10.0.0.2, server: _, request: «POST /login/ HTTP/1.1», upstream: «fastcgi://unix:/var/run/vesta-php.sock:», host: «x-x.x:8083», referrer: «https://x-x.x:8083/login/»
2013/10/15 04:56:36 [error] 2323#0: *2 FastCGI sent in stderr: «PHP message: PHP Notice: Undefined index: language in /usr/local/vesta/web/inc/main.php on line 23» while reading response header from upstream, client: 10.0.0.2, server: _, request: «POST /login/ HTTP/1.1», upstream: «fastcgi://unix:/var/run/vesta-php.sock:», host: «x.x.x.x:8083», referrer: «https://x.x.x.x:8083/login/»
Lets say a user is logging into a typical site, entering their username and password, and they mistype one of their inputs. I have noticed that most, if not all, sites show the same message (something along the lines of, «Invalid username or password») despite only one input being wrong.
To me, it seems easy enough to notify the user of which input was wrong and this got me wondering why sites do not do it. So, is there a security reason for this or is it just something that has become the norm?
asked Jul 30, 2012 at 8:40
20
If a malicious user starts attacking a website by guessing common username/password combinations like admin/admin, the attacker would know that the username is valid is it returns a message of «Password invalid» instead of «Username or password invalid».
If an attacker knows the username is valid, he could concentrate his efforts on that particular account using techniques like SQL injections or bruteforcing the password.
answered Jul 30, 2012 at 8:44
13
As others have mentioned, we don’t want you to know whether or not it was the username or password that was wrong so that we are not as susceptible to brute-force or dictionary attacks..
If some websites wanted to let their users know which one failed while still being in the green security-wise, they could implement «honeypot» usernames (such as Administrator, admin, etc.) that would alert website admins that someone is snooping around their website. You could even setup some logic to ban their IP address if they were to attempt to login with one of those «honeypot» usernames. I know one person who actually had a website and put in their source code an HTML comment such as «Since you keep forgetting Richard: Username: cheese Password: Burger123» near the login box with the intent to monitor any IP address that attempted to use that username/password. Adding monitoring logic like that is a lot of fun when you’re developing a website.
Of course, logging invalid login attempts and adding appropriate logic to deal with those IP addresses works too. I know some would disagree with me, but depending on the type of website, I don’t think it is too big of a deal to let the user know as long as you add additional security measures in preventing different kinds of attacks.
answered Jul 30, 2012 at 13:12
GaffGaff
3513 silver badges5 bronze badges
4
My favorite secure implementation of this is done by a bank I use. If I type in my username correctly, it will say «Welcome Jimbob!» and then prompts me to answer security questions (if I have never logged in from this browser on this computer), wait for me to answer the security questions correctly, and then will let me see my security image/caption and input my password. If I type in the wrong username, I will see something like «Welcome Bessie/Kareem/Randal!» where the displayed name is very uncommon — though you will always be the same name for a same username (I’m usually not sure between one or two usernames; and the wrong one consistently calls me Frenshelia). I assume its implemented as some sort of non-cryptographic hash applied to any inputted username that uniquely map to one username on a long list of fairly uncommon names. This lets legitimate users know if they typed in the wrong username (as even if you have an uncommon name like Bessie; its very unlikely that the wrong username you randomly guessed maps back to your specific uncommon name), without making it obvious to people trying to find random accounts that the username doesn’t exist.
As an aside: I’m not particularly fond of the security questions/security image part, which seems to border on security theater. A sophisticated attacker doing a man-in-the-middle (MITM) attack (e.g., after installing fake certificates in your web-browser; and DNS/ARP spoofing to point yourbank.com to their IP address) could wait until you try logging into the site, then have an automated script sign in on their computer to the real site, get the security questions, display the chosen security questions back to you, send back the answers to the site themselves from their browser, wait to get the security image, serve back the security image to you, and then wait for you to input the password from their end at which point they use the password to log in as you and do malicious things. Granted the questions+image makes the process more difficult than having all the time in the world to collect all the security images for a variety of attacked usernames by turning it into an attack that must be done in real-time and possibly leaves a suspicious signature.
answered Jul 30, 2012 at 19:48
dr jimbobdr jimbob
38.9k8 gold badges92 silver badges162 bronze badges
2
Other answers provide good insight on security reasons behind this behavior. Although they are correct, I’m pretty sure that at least some websites just have the authorization routine programmed the way it’s impossible to tell what was wrong — login or password.
Sample query:
SELECT COUNT(*) FROM users WHERE login = 'john' AND hash = '2bbfcdf3f09ae8d700402f36913515cd'
This will return 1 on successful logging attempt and 0 if there is no user with such name or this user has different password. There is no way to tell which part of the condition failed. So when it comes to displaying error message programmer just honestly tells you that something is wrong and he isn’t really sure what exactly it is.
I personally saw similar queries in few PHP-based websites so I’m pretty sure that part of the reason comes from the way the authentication process is coded, really.
Rory Alsop♦
61.5k12 gold badges117 silver badges321 bronze badges
answered Jul 30, 2012 at 19:54
DypplDyppl
2312 silver badges4 bronze badges
8
The security reason behind it is otherwise it becomes a lot easier to find valid usernames.
answered Jul 30, 2012 at 8:42
Lucas KauffmanLucas Kauffman
54.2k17 gold badges113 silver badges196 bronze badges
In addition to all great answers already given, there’s a generic security principle which says you shouldn’t provide unsolicited information to unauthorized users. I.e. if you have a choice to answer either «your authentication data is not valid» or explaining which part is not valid — you should always choose the former. Some very nasty cryptographic attacks are based on the tiniest amount of error information provided by implementation trying to be «helpful» — see Padding oracle attack. So it is a good idea to always opt for the littlest possible bit of information disclosed to the unauthorized entity — i.e., if his username/password combo is not good, you always answer «username/password not good», and never disclose any more data. Even if in a specific case (like gmail where username is public) it’s not important, it’s a good practice to adopt by default.
answered Jul 30, 2012 at 23:41
StasMStasM
1,8712 gold badges15 silver badges23 bronze badges
Let’s say you enter a random username and an equally random password(just note what password you enter ). Now the passwords can be common among the n users. So, if the website says the password is correct… then you know what follows next.. mayhem among the genuine users as getting login names are quite easy.
answered Jul 30, 2012 at 14:20
Providing ambiguous answer is useful to prevent user enumeration attack.
In some cases attacker doesn’t need to compromise user account. Information that user has account is sufficient without any other action. For example it’s valuable information for commerce that their customer has account on competitive web shop.
answered Jul 30, 2012 at 19:02
I appreciate various answers above as they say the most but sometimes Applications are also unaware what is wrong UserName or Password. In case of a token based authentication specially to implement SSO (Single Sign On) e.g. IBM Tivoli Access Manager your application either receives a successful token or gets an error back.
answered Jul 30, 2012 at 23:31
if the login is an email address, it’s easy to find out that a person is registered at a website — I might not want that >> Sometimes people use email account real password for websites they register when they use email id as login id 
answered Jul 30, 2012 at 19:22
На чтение 6 мин. Опубликовано 15.12.2019
Всем привет, ну и сразу к делу.
Корч словил я вирус 12kotov(может кто знаком) чего только не пробовал, все закладки он мне удалил(было очень грустно) вылечить не удалось, решил навести полный порядок и снести всё к заводским настройкам (на самом деле это было в порыве гнева и нервов).
В течении суток я все устанавливал, плагины и кучу прог.
Вродь все хорошо, но тут гит!!
(Можно читать сразу отсюда)
Открыл папку в которой раньше верстал, до отката системы, дошло дело до пуша и тут бац, просит лог и пароль, достал блокнот, ввел, пишет:
Username for ‘https://github.com’: adf(эт я просто для вас отбалды написал)
remote: Invalid username or password.
fatal: Authentication failed for ‘https://github.com/YaroslavShilov/Blank.git/’
Зашел на гитхаб и восстановил пароль.
Ввожу снова и опять тоже самое, начал пробовать вводить и логин и почту и что только не делал, не работает.
Создал другой репозиторий, пытаюсь пушить через https и снова тоже самое, пропушил его через ssh ключь, все работает
Отсюда можно придти к выводу «пользуйся ssh», но теперь все,что незаконченное лежит на Пк мне нужно удалить и клонировать, а если у меня там гора коммитов которые не пропушены?
Я и гуглил, но ни чего найти не смог, как быть?
Этичный хакинг и тестирование на проникновение, информационная безопасность
BeEF – это сокращение от Browser Exploitation Framework (платформа эксплуатации браузеров). Это инструмент для тестирования на проникновение, который специализируется на веб-браузерах.
Дополнительную информацию о том, что такое BeEF и как его применять вы найдёте в переводе документации, в статье «Базовое использование BeEF».
Эта же заметка посвящена вопросу как установить BeEF на Linux Mint или Ubuntu. В таких дестрибутивах как Kali Linux и BlackArch BeEF уже присутствует. Для других ОС Linux в официальной документации имеется сразу два руководства по установке BeEF:
Также имеется установочный скрипт BeEF:
В этой же заметке я покажу мой способ по установке BeEF на Linux Mint или на Ubuntu.
Всю установку можно выполнить следующим набором команд, которые нужно вводить в консоли:
Возможно, при вводе команды
появится следующая ошибка:
Это ошибка Rubygems 2.7.5. Разработчики про неё знают и, конечно же, исправят. В качестве временного решения предлагается понижение до предыдущей версии:
Для запуска BeEF в Linux Mint или на Ubuntu выполните в терминале:
После этого (не закрывая окно консоли) откройте в веб-браузере адрес http://localhost:3000/ui/panel, вы увидите панель входа BeEF:
По умолчанию логином и паролем являются beef/beef.
Вначале вы увидите, что доступно всего несколько действий, поскольку ещё ни один браузер не был подцеплен. Чтобы потренироваться в работе с BeEF, вы можете открыть в вашем браузере демо страницу ( адрес должен быть http://localhost:3000/demos/basic.html и http://localhost:3000/demos/butcher/index.html )
Решение проблемы с ошибкой «ERROR: invalid username or password»: не подходят учётные данные, неверное имя пользователя или пароль
Как сказано выше, учётными данными по умолчанию являются beef/beef.
Тем не менее, эти учётные данные могут не работать, т.е. при попытке входа в панель управления BeEF будет показываться сообщение:
При запуске BeEF обратите внимание на следующие предупреждения:
В них сказано, что используется стандартное имя пользователя и слабый пароль. По этой причине без нашего ведома пароль был заменён на 21d2415d22a883368f7f6a116bd9f9f4 (у вас будет своё значение). Логином (именем пользователя) по-прежнему является beef.
This topic has been closed to new posts due to inactivity. We hope you’ll join the conversation by posting to an open topic or starting a new one.
- English
- /
- NETGEAR Forum
- /
- Home Networking
- /
- Legacy for Home
- /
- Stora Legacy
- /
- «invalid username or password please try again»
- Community Home
- Community Browser:
- NETGEAR Website
- Support
- Downloads
- MyNETGEAR
- English
- /
- NETGEAR Forum
- /
- Home Networking
- /
- Legacy for Home
- /
- Stora Legacy
- /
- «invalid username or password please try again»
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Without any changes all of a sudden i started to see only «family library» under «my computer» last week and today when i got home i was logged out and tried to login with stora agent. I only get «invalid username or password please try again» time after time, i can login at mystora.com with my password but it´s impossible with stora agent. I have rebooted everything in the network and changed the password and changed it back but with no luck, anyone else here with this problem?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Yes — I didnt have any joy with the latest version of the stora agent. IIRC I had same issue as you. I reverted to the prev version of the agent and all was OK (sorry — not at home atm — so cant check the version numbers).
I saw the problem on all my comps accessing the stora — so XP, Vista and Win 7 (mix of 32 and 64 bit).
I did post here on forum — but didnt chime with many people — so not sure anyone doing anything about it — I just hoping it fixed in next version.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
| Yoji wrote: |
|---|
| Yes — I didnt have any joy with the latest version of the stora agent. IIRC I had same issue as you. I reverted to the prev version of the agent and all was OK (sorry — not at home atm — so cant check the version numbers).
I saw the problem on all my comps accessing the stora — so XP, Vista and Win 7 (mix of 32 and 64 bit). I did post here on forum — but didnt chime with many people — so not sure anyone doing anything about it — I just hoping it fixed in next version. HTH |
I’ve been thinking about this after i read your post, the only thing i’ve changed the last month or 2 is that i upgraded stora agent last week, just when the problems started to occur, unfortunately i threw the previous version away so i hope i can find an older version. I’m at work til tomorrow morning then i’ll try getting an older version, if it works it doesn’t matter too much what others think, thanks for posting 🙂
Hi Faris,
How are you implementing your login action? Are you using the User_Login Server Action from the Users module?
If you do, then the password should not be encrypted when you call that server action.
Kind regards,
Rui Barradas
Rui Barradas wrote:
Hi Faris,
How are you implementing your login action? Are you using the User_Login Server Action from the Users module?
If you do, then the password should not be encrypted when you call that server action.
Kind regards,
Rui Barradas
Here how I’m implementing it, I use user_login server action and it wasn’t working then I tried using encryptpassword and still not working.
Faris Abdullah Almozini wrote:
Here how I’m implementing it, I use user_login server action and it wasn’t working then I tried using encryptpassword and still not working.
Hello Faris,
Hope you’re doing well.
Since you are using the User_Login server action from the Users Module, you don’t need to encrypt the password when you’re calling that action.
Responding to your previous question, you should always use your username (and not the e-mail, unless the e-mail is the same as the username).
However, it is important to mention some things.
Firstly, you need to verify which is the User Provider that you’re using in your module / application.
You can find these properties in the module properties.
Make sure your User Provider Module is set to Users. This will allow you to use the users created in the Users application to enter in your application. Please keep in mind that these users are different from Service Center users and from OutSystems website users.
Secondly, you need to create the user(s) that you want to use in your application. Like I said before, you can do this using the User application (or creating the record directly in the User System Database Entity). This User application is an OutSystems application that is installed by default with the platform that allows you to create and manage users.
In order to do this, you should access into the users application in your browser: <your-server>/Users
By default, you always have the admin user that you may use to enter the application.
You can try:
Username: admin
Password: admin
Kind regards,
Rui Barradas
Hi,
can you share the error from service center?
Cheers
Miguel Verdasca wrote:
Hi,
can you share the error from service center?
Cheers
How to see the errors in the service center?
Hi Faris,
In Serive studio click here it will redirect to service center and See monitoring Tab and find Error log
or you can direct enter url for Service Center
https://xxx.outsystemscloud.com/servicecenter
where xxx is your domain
regrads
Rahul Sahu
You just have to do what Raul mentioned.
Open your service center, go to Monitoring and then on the first tab, you have the errors. You run your application and make the use case that is generating an error, and after getting the error, you go to the service center, and do the detail of the error you gave.
In case you don’t know how you can go to Service Center, in your Service Studio you just need click in the following button
Cheers
Thanks for the clear explanation, this the details of the error:
Hi Faris,
Error like your username and password is incorrect.
you need to check username/password or may be try with email id which is in Users application when you provide user registred time.
Also check if you made self created login page than all process is right or if you are using outsystem default login than need to check once email_id.
Regards
Rahul sahu
Rahul Sahu wrote:
Hi Faris,
Error like your username and password is incorrect.
you need to check username/password or may be try with email id which is in Users application when you provide user registred time.
Also check if you made self created login page than all process is right or if you are using outsystem default login than need to check once email_id.
Regards
Rahul sahu
I checked my username and password I’m pretty sure I entered it correctly.
You mean I should use the email_id instead of username in log in?
Faris Abdullah Almozini wrote:
Hi
I created a log in page but every time I log I keep having this error «invalid username or password»
After my search, I found out that my problem was not having Encrypted Password action, I just added it to my module but how can I use it?
Hi Faris ,
Can you share OML File..or else you can check when you are using Encrypted Password action then you are using createorupdate action in that action in password attribute u can pass the value of EncryptPassword.EncryptedPassword.i have shown in below screenshot.
I hope it will help you !.
Thanks.
Sorry for the late reply, I did all the things you told me guys but no luck, here’s how the passwords and usernames are saved:
Hello Faris,
Yes, that seems to be correct. Because the passwords are encrypted when they are saved in the database.
However, when you call the User_Login action, you should pass the real value of the password (not encrypted).
Kind regards,
Rui Barradas
Rui Barradas wrote:
Hello Faris,
Yes, that seems to be correct. Because the passwords are encrypted when they are saved in the database.
However, when you call the User_Login action, you should pass the real value of the password (not encrypted).
Kind regards,
Rui Barradas
Yup thats what I did, but it keep giving me invalid username or password I think there’s something I did something was not right
Rui Barradas wrote:
Hello Faris,
Yes, that seems to be correct. Because the passwords are encrypted when they are saved in the database.
However, when you call the User_Login action, you should pass the real value of the password (not encrypted).
Kind regards,
Rui Barradas
Also is it normal for the username value to be (0)? even though I wrote the username with letters.
Did you try login to Outsystems users management application with the user/password
User Management App Url:http://<environment address>/Users
Tom Zhao wrote:
Did you try login to Outsystems users management application with the user/password
User Management App Url:http://<environment address>/Users
Yes I did, and created a username there and it signed me in to my app once but then I got the error again
Hello Faris,
To be honest, it is not normal. I was about to point that in my previous post, but it could be on purpose. How did you create that username? Did you use the Users application?
https://<your-server-address>/Users
Kind regards,
Rui Barradas
Hi Team,
We are facing the similar issue, from yesterday developers are not able to login through Outsystems studio.
Request help if this issue is encountered by anyone previously and solution is found?
Thanks,
Saicharan
Hello Saicharan,
I believe your issue is different.
This issue was related with the login on the application, yours is related with the login on the Service Studio.
I suggest that you create a new thread in the forum so everyone can try to help you with your issue.
Kind regards,
Rui Barradas