Unable to reset password since Utah patch 8/9 with security_admin role user

George Chen
Tera Expert

Hi Community Gurus,

 

My organisation has upgraded sub-instances to Patch 9 hotfix 1 (previously Patch 7 hotfix1), but since the patch, existing users with the security_admin role can no longer go through the password reset process, such as forgot password, and when a new password is submitted, it raises an error in the backend.

 

Error: Disallowing setting of password for user with security admin. Change must be done by another security admin. The update has been cancelled.

 

Here is my additional exploration in our environments:

  • This appears to impact users inheriting the security_admin role
  • By removing the role, the reset goes through (password reset)
  • By creating a blank new user with the admin/security_admin role, the password reset process goes through as expected.
  • So far, the impacted customers are the ServiceNow admin team who inherit the security_admin role (my team folks)
  • I could not replicate this in a PDI running Patch 7 hotfix1
  • This does not replicate in UAT Patch 7 hotfix1 (our UAT)
  • When the password reset fails, the logs show ‘Disallowing setting of password for user with security admin. Change must be done by another security admin. The update has been cancelled.’
  • On the surface, this does seem to relate to the patches (suspicious problem: password security flaw fix, Password Reset / PRB1675902)

  • Steps to reproduce:
      • As any existing user who inherits the security_admin role
      • Go through the forgot password process on the login page
      • Complete the user identity process -> receive the email.
      • Fill in a password that meets the requirement and then submit

Error occurs as described above.

Thank you for taking your time with the issue and any advice would be appreciated.

Best wishes,

George

8 REPLIES

Hi @George Chen 

If you get some feedback, please share with community.

If my response proves useful, please indicate its helpfulness by selecting "Accept as Solution" and "Helpful." This action benefits both the community and me.

Regards
Dr. Atul G. - Learn N Grow Together
ServiceNow Techno - Functional Trainer
LinkedIn: https://www.linkedin.com/in/dratulgrover
YouTube: https://www.youtube.com/@LearnNGrowTogetherwithAtulG
Topmate: https://topmate.io/atul_grover_lng [Connect for 1-1 Session]


manish123
Giga Guru

Hi George,

 

Did you manage to resolve the above issue, or has SN provided any KB article as a solution for that?

Hi,

I'm interested too. The same happens on Washington. I need to impersonate as security_admin and then I'm able to reset the password for the others.

Jonathan Gordon
Tera Contributor

Let me post the fix we have discovered for this; that way I too will remember next time I need it. 😂 You need to impersonate the person whose password you want to change. So, let's say you want to reset Bob's password. You need to impersonate him and then look him up under users and set the password there.