How to update Alfresco password(s) from database


Introduction

Alfresco is a Content Management System, recently purchased by Hyland. I needed the steps to reset the admin password through the database. I decided to document the steps here.

Inspect passwords

The passwords are stored in what is essentially NTLM format: the MD4 hash of the password encoded as UTF-16LE. You can't turn a hash back into a password, but you can turn any string into a hash and compare the two, so these hashes could possibly be brute forced.

-- This worked with Alfresco 5.2 on Oracle 12g.
-- Pairs each node's 'password' property with the 'username' property of the same node.
SELECT
    anp1.node_id,
    anp1.qname_id,
    anp1.string_value AS password_hash,
    anp2.string_value AS username
FROM
    alf_node_properties            anp1
    INNER JOIN alf_qname           aq1  ON aq1.id = anp1.qname_id
    INNER JOIN alf_node_properties anp2 ON anp2.node_id = anp1.node_id
    INNER JOIN alf_qname           aq2  ON aq2.id = anp2.qname_id
WHERE
        aq1.local_name = 'password'
    AND aq2.local_name = 'username';


The hash in this example is “209c6174da490caeb422f3fa5a7ae634”

Generate Password

# rhel 7.2
printf '%s' "admin" | iconv -t utf16le | openssl md4

It is no coincidence that the hash in this example is exactly the same, “209c6174da490caeb422f3fa5a7ae634”. That means the password in this example was already set to “admin”.
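As an added example (not part of the original post): a Python check that recomputes the same hash without `openssl md4`, which OpenSSL 3 only offers through its legacy provider, and lists the accounts in the inspection query's output that carry the hash of a given password, such as the default “admin”. The function names and the sample rows are assumptions made for this example.

```python
import struct

# Per round: (mixing function, constant, rotations, message-word order), RFC 1320.
_ROUNDS = (
    (lambda b, c, d: (b & c) | (~b & d), 0, (3, 7, 11, 19), tuple(range(16))),
    (lambda b, c, d: (b & c) | (b & d) | (c & d), 0x5A827999, (3, 5, 9, 13),
     (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15)),
    (lambda b, c, d: b ^ c ^ d, 0x6ED9EBA1, (3, 9, 11, 15),
     (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)),
)

def _rol(x, n):
    x &= 0xFFFFFFFF
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF

def md4(data: bytes) -> bytes:
    """Pure-Python MD4, independent of the local OpenSSL build."""
    # Pad with 0x80, zeros up to 56 mod 64, then the bit length (64-bit LE).
    msg = data + b"\x80" + b"\x00" * ((55 - len(data)) % 64)
    msg += struct.pack("<Q", len(data) * 8)
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = state
        for f, const, shifts, order in _ROUNDS:
            for i, k in enumerate(order):
                a = _rol(a + f(b, c, d) + x[k] + const, shifts[i % 4])
                a, b, c, d = d, a, b, c
        state = [(s + v) & 0xFFFFFFFF for s, v in zip(state, (a, b, c, d))]
    return struct.pack("<4I", *state)

def alfresco_hash(password: str) -> str:
    """MD4 over the UTF-16LE bytes, like the iconv | openssl md4 pipeline."""
    return md4(password.encode("utf-16-le")).hex()

def accounts_matching(rows, password):
    """Usernames whose stored hash equals the hash of `password`."""
    target = alfresco_hash(password)
    return [user for _n, _q, stored, user in rows if stored.lower() == target]

# Constructed rows in the inspection query's column order; the first hash is
# the one shown on the page, everything else is made up for the example.
SAMPLE_ROWS = [
    (4, 10, "209c6174da490caeb422f3fa5a7ae634", "admin"),
    (31, 10, alfresco_hash("constructed-sample-value"), "jdoe"),
]

if __name__ == "__main__":
    print(alfresco_hash("admin"), accounts_matching(SAMPLE_ROWS, "admin"))
```

Running the same check after the update confirms that the new value is in place and that no account is left on the default.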


Update Password

Modify the update statement below, and verify that the node_id, qname_id, and string_value match the account and value you need to update.

-- Oracle 12g

UPDATE alf_node_properties SET string_value='209c6174da490caeb422f3fa5a7ae634' WHERE node_id=4 and qname_id=10;