Unable to reset password since Utah patch 8/9 with security_admin role user
01-17-2024 04:10 PM
Hi Community Gurus,
My organisation has upgraded sub-instances to Patch 9 hotfix 1 (previously Patch 7 hotfix1), but since the patch, existing users with the security_admin role can no longer go through the password reset process, like forgot password, and when a new password is submitted, it raises an error in the backend.
Error: Disallowing setting of password for user with security admin. Change must be done by another security admin. The update has been cancelled.
Here is my additional exploration in our environments:
- This appears to impact users inheriting the security_admin role
- By removing the role, the reset comes through (password reset)
- By creating a blank new user with the admin/security_admin role, the password reset process comes through as expected.
- So far, the impacted customers are the ServiceNow admin team, who inherit the security_admin role (my team folks)
- I could not replicate in a PDI running Patch 7 hotfix1
- This does not replicate in UAT Patch 7 hotfix1 (our UAT)
- When password reset fails, logs can be seen that say 'Disallowing setting of password for user with security admin. Change must be done by another security admin. The update has been cancelled.'
- On the surface, this does seem to relate to the patches (suspicious problem: password security flaw fix, Password Reset / PRB1675902)
- Steps to reproduce:
  - As any existing user who inherits the security_admin role
  - Go through the forgot password process on the login page
  - Complete the user identity process -> receive the email.
  - Fill in a password that meets the requirement and then submit

Error occurs as described above.
Thank you for taking your time with the issue and any advice would be appreciated.
Best wishes,
George
01-18-2024 02:10 AM
Based on the information you've provided, it seems like you're experiencing an issue with the password reset process for users with the security_admin role after upgrading to Patch 9 hotfix 1. Here are some potential steps to resolve the issue:
1. **Check the Patch Notes**: Review the patch notes for Patch 9 hotfix 1 to see if there are any known issues or changes related to password reset functionality or the security_admin role.
2. **Contact ServiceNow Support**: If the issue persists and you suspect it's related to the patch, contact ServiceNow Support for further assistance. They may be able to provide a workaround or fix.
3. **Test in a Non-Production Instance**: If possible, replicate the issue in a non-production instance to avoid impacting your production environment. This can help you isolate the issue and determine if it's related to the patch or something else in your environment.
4. **Review Customizations**: If you have any customizations related to password reset or user roles, review them to ensure they're not causing the issue.
5. **Check System Logs**: Review the system logs for any errors or warnings related to the password reset process. This can provide more insight into what's causing the issue.
6. **Review User Records**: Check the user records of the affected users to ensure they're configured correctly.
7. **Try a Different Role**: As a test, try assigning a different role to the affected users to see if the issue persists. This can help you determine if the issue is specific to the security_admin role.
8. **Check Password Policies**: Review your password policies to ensure they're not causing the issue.
Remember, any changes should be tested in a non-production environment first to avoid impacting your production environment.
nowKB.com
01-18-2024 01:48 PM
Thanks Sumanta. I've walked through potential customisation with my colleague and did not get any impression this was caused by the custom changes, but I am about to raise a HI ticket since the official release notes only provide high-level details (password security flaw fix, Password Reset / PRB1675902).
01-18-2024 02:47 AM
Hi @George Chen
Best is to log a Now Support case, as it is related to security, so don't delay.
If my response proves useful, please indicate its helpfulness by selecting "Accept as Solution" and "Helpful." This action benefits both the community and me.
Regards
Dr. Atul G. - Learn N Grow Together
ServiceNow Techno - Functional Trainer
LinkedIn: https://www.linkedin.com/in/dratulgrover
YouTube: https://www.youtube.com/@LearnNGrowTogetherwithAtulG
Topmate: https://topmate.io/atul_grover_lng [ Connect for 1-1 Session]
01-18-2024 01:41 PM
Thanks Kilo for the suggestion. Yes, I was thinking of raising a HI ticket but just checked with the Community first. Now I am about to do so! Thanks