My test colleague uses SpiraTeam and needed some help restoring a backup. After restoring we granted access to the database from IIS (network service). But now he tells me nobody knows the Administrator password. What to do?
Solution
The SQL Server database of SpiraTeam contains the users together with their (salted, hashed) passwords. The steps below show how I gained access without knowing the original password or the answer to the password reset question.
- Make sure you have access to the database with something like SQL Server 2008 Management Studio Express
- Register for an account via the link on the login screen; this is a password you do know
- Update the administrator user in the database with the password hash and the salt from the new account (both columns must be copied, the hash is only valid together with its salt). This will

```sql
UPDATE [dbo].[tst_user]
SET [PASSWORD]         = 'SSu3dCIy8pYaCmqi9dXU+0sm9Kg=',  -- exact copy-paste from new user!
    [PASSWORD_SALT]    = 'jQLO/JRcWFwP0S0tvoLAEQ==',      -- salt that belongs to that hash
    [IS_LEGACY_FORMAT] = 0
WHERE [user_id] = 1;  -- the built-in Administrator
```
- Log in as Administrator with the password you entered when registering the new account
- You can now start creating new accounts and granting access, since you’re now
- [optional] Ask SpiraTeam for this process in a new feature
Background
SpiraTeam uses the ASP.NET SQL Membership provider with salted, hashed passwords. A hash is one-way: apart from brute force there is no way to recover the password from it. But when you have write access to the database you can use the system against itself.
By registering for an account the system inserts a new record in the user table with a salted hash of a password whose plaintext you do know. Copy that hash and its salt over the PASSWORD and PASSWORD_SALT columns of an existing user and you can log in as that user with the known password. Save the original values of the row first if you want to be able to put the old password back afterwards. The flip side is worth remembering when granting database rights (as we did for the IIS network service account): anyone who can write to tst_user can make themselves Administrator this way.
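The same trick without registering a throw-away account, as an added example that is not part of the original post or of SpiraTeam's own code. It assumes (not stated on the page) that SpiraTeam's non-legacy format (IS_LEGACY_FORMAT = 0) is the standard ASP.NET SqlMembershipProvider "Hashed" format with its default SHA1 algorithm: Base64(SHA1(salt bytes followed by the UTF-16LE password)), with a 16-byte salt stored Base64-encoded. The table and column names come from the UPDATE statement above; the password and the word list are constructed here for illustration. It also shows why the "except for brute force" caveat matters: an unsalted-iteration SHA1 hash can be tried against a word list at full speed.

```python
import base64
import hashlib
import hmac
import os
from typing import Iterable, Optional, Tuple

# Assumption: ASP.NET SqlMembershipProvider "Hashed" format, default SHA1.
#   PASSWORD      = Base64( SHA1( Base64Decode(PASSWORD_SALT) || UTF-16LE(password) ) )
#   PASSWORD_SALT = Base64( 16 random bytes )
# A 20-byte SHA1 digest encodes to 28 characters, a 16-byte salt to 24, which
# matches the shape of the values in the UPDATE statement quoted on the page.
PAGE_HASH = "SSu3dCIy8pYaCmqi9dXU+0sm9Kg="   # copied from the page (password unknown)
PAGE_SALT = "jQLO/JRcWFwP0S0tvoLAEQ=="


def aspnet_hash_password(password: str, salt_b64: str) -> str:
    """Compute the stored PASSWORD value for a plaintext and a Base64 salt."""
    salt = base64.b64decode(salt_b64)
    digest = hashlib.sha1(salt + password.encode("utf-16-le")).digest()
    return base64.b64encode(digest).decode("ascii")


def new_salt_b64() -> str:
    """Fresh 16-byte random salt, Base64-encoded like the provider stores it."""
    return base64.b64encode(os.urandom(16)).decode("ascii")


def verify_password(password: str, salt_b64: str, stored_hash_b64: str) -> bool:
    """What the membership provider does at login: rehash and compare."""
    return hmac.compare_digest(aspnet_hash_password(password, salt_b64), stored_hash_b64)


def looks_like_membership_values(hash_b64: str, salt_b64: str) -> bool:
    """Sanity check before copying values between rows: SHA1-sized hash, 16-byte salt."""
    try:
        return (len(base64.b64decode(hash_b64, validate=True)) == 20
                and len(base64.b64decode(salt_b64, validate=True)) == 16)
    except ValueError:
        return False


def build_reset_statement(user_id: int, password: str,
                          salt_b64: Optional[str] = None) -> Tuple[str, Tuple[str, str, int]]:
    """Parameterised UPDATE that sets a chosen password on an existing user.

    Returns (sql, params) for execution with e.g. pyodbc: cursor.execute(sql, params).
    Nothing is executed here, so the example runs offline.
    """
    salt_b64 = salt_b64 or new_salt_b64()
    sql = ("UPDATE [dbo].[tst_user] "
           "SET [PASSWORD] = ?, [PASSWORD_SALT] = ?, [IS_LEGACY_FORMAT] = 0 "
           "WHERE [user_id] = ?")
    return sql, (aspnet_hash_password(password, salt_b64), salt_b64, user_id)


def crack_with_wordlist(stored_hash_b64: str, salt_b64: str,
                        candidates: Iterable[str]) -> Optional[str]:
    """Brute force the only way back from a hash: try candidates until one verifies."""
    for candidate in candidates:
        if verify_password(candidate, salt_b64, stored_hash_b64):
            return candidate
    return None


if __name__ == "__main__":
    # Constructed demo: reset user_id 1 to a password we choose, with a fresh salt.
    sql, params = build_reset_statement(1, "N3w-Admin-Pass!")
    print(sql)
    print(params)
    # Constructed demo of the brute-force caveat against a weak password.
    salt = new_salt_b64()
    weak = aspnet_hash_password("Welcome1!", salt)
    print(crack_with_wordlist(weak, salt, ["password", "admin", "Welcome1!"]))
```

With this you can set any password you like on the Administrator row directly, instead of copying columns from a freshly registered account; the register-then-copy route in the steps above remains the safer choice if you are unsure which hash format the installation uses, because the application itself produced those values.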