Authorize.Net: Important MD5 Hash Removal/Disablement

#21

Update from Authorize.NET:

Today we’re announcing final phase 2 dates when the gateway will stop populating the MD5 hash value.

Phase 1 Complete
Phase 2 - Stop sending the MD5 Hash data element in the API response. To continue verifying via hash, this will require applications to support the SHA-512 hash via signature key.
Sandbox will be updated on March 7, 2019 to stop populating the MD5 Hash value, the field will still be present but empty.
Production will be updated on March 14, 2019 to stop populating the MD5 Hash value, the field will still be present but empty.
We have updated documentation on our developer center, posted sample code on Github, and will have SDK updates completed by end of February.

Please refer to our support article: MD5 Hash End of Life & Signature Key Replacement for more details and information on this change.

Thank you for your attention to this matter and for being an Authorize.Net merchant.

Sincerely,
Authorize.Net

1 Like
#22

Thank you Cristián:

I applied this to 2 sites and test purchases worked great.

Best, Willy

1 Like
#23

Thank you so much for the feedback, Will! :smiley:

#24

New update from Authorize.Net: https://status.authorize.net/incidents/9qn9s43kpx0f

After reviewing feedback concerning the production cutoff date for the MD5 Hash, we are pushing back the production update from March 14, 2019, to June 28, 2019. We will continue to review feedback and consider further date changes as needed over the next month.

For more details, see MD5 Hash End of Life & Signature Key Replacement article - https://support.authorize.net/s/article/MD5-Hash-End-of-Life-Signature-Key-Replacement
Posted about 6 hours ago. Mar 12, 2019 - 09:29 PDT

1 Like
#25

Installed today, running smoothly so far! Thank you for this update!

1 Like
#26

I tried the updated files you provide to no avail.

#27

Thanks for the feedback. Could you tell me what you’ve tried and what you’re experiencing? :slight_smile:

#28

Sure thing. I tried installing the hotfix, as follows:
s2member-pro/src/includes/ syscon.inc.php
s2member-pro/src/includes/menu-pages/ authnet-ops.inc.php
s2member-pro/src/includes/classes/gateways/authnet/ authnet-utilities.inc.php

Yet, I’m still asked for the MD5 Hash in the Dashboard & still see the error on the Pro Form (https://www.childcaremarketing.com/signup/).

What should I try next? The site went live last night, so I’m really stuck at the moment, considering our users can’t create an account.

#29

Oh, I see! Every site we tried that in so far, already had an MD5 hash from before, so we never got that error in the previous tests. I’m sorry about that.

I guess you can’t get your MD5 hash from Auth.Net anymore. If not, then you can try just typing a few letters in that field, and see if that flies.

It’s to make s2Member happy while we remove that check from the pro-form. I’m not sure if Auth.Net uses it anymore if it’s getting the SHA512 one.

Please try it and see if you can make a test payment successfully. Even 1 cent or so would be fine, just to test.

#30

Here’s an update of the fix, with the updated warning when missing the Signature Key, not the MD5 Hash.

authnet-sha512-fix-190424.zip (58.3 KB)

There are the same three files from before:

s2member-pro/src/includes/ syscon.inc.php
s2member-pro/src/includes/menu-pages/ authnet-ops.inc.php
s2member-pro/src/includes/classes/gateways/authnet/ authnet-utilities.inc.php

And two more:

s2member/src/includes/translations/ s2member.pot
s2member-pro/src/includes/classes/gateways/authnet/ authnet-responses.inc.php

@parkwaychildcare, let me know if that takes care of your problem. Once you add these, try leaving the MD5 Hash field empty in your configuration. I look forward to your update. :slight_smile:

#31

That did the trick. Payments via Authorize.NET are now being accepted.

Thanks so much for the fast turn-around on this issue. Very much appreciated!

1 Like
#32

I’m very glad! Thanks for the feedback.

Quick question: Did you leave the MD5 Hash empty or with a random value?

And thank you very much for catching that and helping me improve it!

I hope your launch goes very well and you have a lot of success! :smiley:

#33

I actually had it both ways. At first I had “abcd” set as the MD5 Hash (per your earlier instructions). Then, I deleted the MD5 Hash value from the backend & tested again. In both instances, it worked.

We love s2 and recommend it to all our clients. You produce excellent software.

1 Like
#34

I’m very glad to know that both worked, and you have it up and running without trouble now.

Thank you so much for telling others about s2! :blue_heart:

If you haven’t yet, and you feel like it, it’d help us a lot that you leave a rating over at WordPress. https://wordpress.org/support/plugin/s2member/reviews/?filter=5 Thanks! :smiley:

#35
2 Likes
#36

Just installed the new version 190617.

So encouraging to see this bugfix right at the top! Excellent work!

Plus, the installation actually worked through the little message box on the WordPress plugins page! In the past, it always glitched and I had to upload the plugin manually.

Again, awesome work. I’m loving the new management here. :slight_smile:

1 Like