Hi everyone!
We are using Moodle 3.9+ with Classic theme and this week we are facing with an issue during the users’ login.
In particular, some users are not more able to login even if the credentials (username and password) are valid.
We are analyzing the problem and it seems that the problem is due to the hash algorithm used for storing the passwords.
Following the use case:
- If the hash algorithm for the stored password is $2y$04, the user cannot login and he has to change the password (even if the password is still valid).
- If the hash algorithm for the stored password is $2y$10, the user correctly logs in.
- For the new user, there is not that problem. The user is able to change the default password (we force the password change at the first access) and the user correctly logs in.
We are not setting the type of hash algorithm to be used by Moodle for the password storage and it seems that the chosen algorithm is random.
Does someone know if recently some Moodle settings are changed related to the authentication?
How is it possible to avoid and permanently solve that problem?
Thank you for your help!