Updating default login credentials

Technical Support
1

I’m having trouble updating the default admin role login credentials(medic/password).
This is to avoid unintended admin logins by those familiar with the default CHT credentials

Describe the Bug
After updating the user password while logged in using the default credentials, the update seems successful but subsequent logins using the new password fail.

How To Reproduce The Issue
List steps for someone trying to reproduce the behavior. For example:

  1. Log in using the default credentials (medic/password)
  2. Go to the app menu and select User settings
  3. Click on ‘Update password’
  4. Set a new password

Expected Behavior
I expect to log in using the newly set password on my next login

Environment

  • Instance: self hosted installation
  • Browser: Google Chrome
  • Client platform: Linux - Ubuntu 18.04
  • Docker version 20.10.3, docker-compose version 1.28.2
  • App:webapp
  • Version: 3.9.0

Additional Context
I’d like advice on how to either change the default credentials password or disable the default account

1 Like
2

I’ve just reproduced this on my machine. The dialog reports success the HTTP request returns 200, and the API log reports success, but alas the change doesn’t stick! I’ve raised an issue to either fix this, or let the user know how to manually change the admin password.

I think the workaround is to change the admin password by following the CouchDB documentation which may need root access to the instance.

1 Like
3

Hi @gareth, we have been going through the same issue in our CHT 4.1.0 instance and we are having trouble resetting the password through the means you mentioned. Could you please walk us through the process of changing the password?

The steps I have taken so far are:

  1. Logged into the Server and accessed cht_couchdb_1 container
  2. Opened the file /opt/couchdb/etc/local.ini
  3. Added the field medic = password under [admins]
  4. Restarted the docker container using docker restart cht_couchdb_1

But it does not replace the plain-text password in the local.ini file with the hashed version as stated in the documentation and the password remains unchanged.

We are just looking to revert medic password back to original but it is not working at all.

cc: @sanjay @nitin @niraj