I forgot my ghost password just a second after installing it. 🤦

I hadn't even set up my email to use "forgot my password" feature, so I thought I was screwed. But wait, this app must have a db where it stores the hashed password?

After a bit of exploration I found users table in the mysql db. I ran

SELECT email, password FROM USERS;

and saw the hashed password.

Now I had to figure out how this app generates the hashed password. Since it's open source,  I found this password.js from the repository.

Created the following script to return the hashed value for my new password:



I ran node new-password.js "NEWPASSWORD" and got the hashed value of the new password. And then all I had to do was to update the password column with this hashed password.


And voila  i found something to write about for my first post smh.