Symptom
Users have issues when attempting to log in to Backoffice and HAC when a legacy password hashing algorithm is in use.
In some cases, the legacy password hashing algorithm is used due to business needs (when the "legacy.password.encoding.enabled" property is set to true). As a configurable option, the "password.encoding.auto.update.enabled" property can be used to automatically re-encode passwords that were hashed with the deprecated algorithms when the user logs in.
Note: As mentioned in the SAP Official Help doc "Upgrading to 2211.47", in Commerce version 2211.47 the old insecure password encoders are removed from the code, and there is no possibility to switch back to the legacy mode. Make sure to upgrade the password encoder from the legacy methods to argon2 before upgrading to version 2211.47.
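The re-encode-on-login behaviour described above, shown as an added Python example of the general pattern; it is not SAP Commerce code. Assumptions: the encoder names, the user record layout and all function names are hypothetical, SHA-1 and SHA-256 stand in for the deprecated encoders, and scrypt stands in for argon2 because the Python standard library has no argon2.

```python
import hashlib
import hmac
import os

LEGACY = {"sha1", "sha256"}   # stand-ins for the deprecated encoders on the page
TARGET = "scrypt"             # stand-in for argon2, which the stdlib lacks


def encode(encoding, password, salt):
    """Hash a password with the named (hypothetical) encoder."""
    if encoding in LEGACY:
        return hashlib.new(encoding, salt + password.encode()).digest()
    if encoding == TARGET:
        return hashlib.scrypt(password.encode(), salt=salt, n=2**12, r=8, p=1)
    raise ValueError(f"unknown encoding {encoding!r}")


def make_user(encoding, password):
    salt = os.urandom(16)
    return {"encoding": encoding, "salt": salt,
            "hash": encode(encoding, password, salt)}


def login(user, password, auto_update=True):
    """Verify against the stored encoding; re-encode a legacy hash on success."""
    candidate = encode(user["encoding"], password, user["salt"])
    if not hmac.compare_digest(candidate, user["hash"]):
        return False
    if auto_update and user["encoding"] in LEGACY:
        # The plaintext is available here, so a stored legacy hash can be
        # re-encoded at this point without a password reset.
        user.update(make_user(TARGET, password))
    return True


def still_legacy(users):
    """Accounts that the login-time update has not reached yet."""
    return sorted(n for n, u in users.items() if u["encoding"] in LEGACY)


def sample_users():
    # Constructed sample accounts and passwords.
    return {
        "admin": make_user("sha1", "Example-1"),
        "dormant.employee": make_user("sha256", "Example-2"),
        "customer1": make_user(TARGET, "Example-3"),
    }
```

An account that never logs in keeps its legacy hash, so a check like `still_legacy` shows which accounts the login-time update has not yet covered before an upgrade that removes the legacy encoders.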
** "Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental."**
Environment
- SAP Commerce Cloud 2211.28 to 2211.46
- SAP Commerce 2211.28 to 2211.46
Product
Keywords
Security, Password, password hashing algorithms, deprecate, MD5, salted MD5, PBKDF2, PBKDF2 with HMAC-SHA1 salted, plain text, SHA-1, SHA-256, SHA-512, re-hash, customer, employee, KBA, CEC-SCC-PLA-PL, Platform, Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).