Upgrading to 3.7.1 locked me out

Product: PowerShell Universal
Version: 3.7.1

Hello Everyone, I recently started working on creating a POC of PowerShell Universal to show to my co-workers / management to start utilizing this amazing tool.
Today I upgraded from 3.6.4 to 3.7.1 I’m running it as a service, only had 1 admin account with form authentication as i’m slowly learning and building scripts / APIs etc… but after the upgrade I’m locked out whenever I try to login to localhost:5000/admin I receive “Unauthorized Access”.

I was able to login today before the upgrade but I got locked out after the upgrade.
I have a backup but I just wanted post this here to see if I need to provide logs or something to post this as a bug.

Thank you

You’re not the only one!

Same problem here

We will be releasing a patch for this issue today. A little more info:

Note to self: Check forums before updating to new releases :')

I updated 10 minutes ago and have the same hahaha
Looking forward to the patch!

Hi Adam, yesterday i upgraded from 3.6.x to 3.7.1 and this problem affected my install too… but I’m using OpenID.

Re-installed everything from scratch and once I set up OpenID again, I got the same result.

A couple questions:

• After setting up OpenID connect, were you presented with a login screen and couldn’t login?
• When you were setting up the new version, was your instance reported as licensed?
• Can you send me some logs to support@ironmansoftware.com?

I can confirm that upgrading to 3.7.2 fixed the issue for me

Just got the CVE email that says upgrade to 3.7.2 and ran

update-PSUServer -LatestVersion

Here is the homepage error I am getting. I am still using Forms login page.

image821×328 9.44 KB

Reverted back to 3.6.4 until I can figure out if I need to reinstall as the upgrade steps have not worked for me.

Also the email " Security Update: PowerShell Universal and .NET SDK CVE 2023 21538" has a typo in the URL to “learn more about CVE”

I can confirm removing the admin account from the database (LiteDB or SQL) in the identities table manually solved my issue.
Also I was able to update to 3.7.2 today without any issues

@adam

Everything WAS working fine with 3.7.2, but now getting same error as @jdavid mentions above when trying to access logon page - just seeing below. Was working fine for a while. Then logged off. Came back to logon and can’t get in, can’t even get logon page.

image744×357 10.1 KB

If I restart IIS then try again it gets as far as

PowerShell Universal is loading…

Loading configuration files…

and then goes to above screen

EDIT: RESOLVED AGAIN NOW WITHOUT ME DOING ANYTHING OTHER THAN WAITING A WHILE??!?!

@adam

Related issue

Why do I see this on logon screen everytime?

image1074×110 3.24 KB

I have configured my authenticaton by editing and setting my own password in authentication.ps1 so it is not correct I am using “default authentication” or using the defaults of admin / admin ?

We’re going to release a 3.6.5 version of PSU that contains the CVE fix while we run down issues with authentication.

If you are having problems with PSU 3.7.x please open a ticket with support@ironmansoftware.com so we can address it. In the meantime, you will be able to update to 3.6.5 to patch the CVE.

Hi Adam,

I was going to reply but then I noticed you uploaded a new version and it seems to have fixed the issue with OpenID too.

Adrian