Support

Home Forums Event Espresso Premium Authorize.net Important MD5 Hash Removal/Disablement Notice

Authorize.net Important MD5 Hash Removal/Disablement Notice

Posted: January 11, 2019 at 2:35 pm


Theodore Salamone

January 11, 2019 at 2:35 pm

OK Anyone, I just got this notice. Is this something I need to worry about? If so, what changes are needed? I am running EE3 Business level. Thank you in advance. PS – Can we get some Square support for EE3 so I can switch to that and drop Authorize.net entirely?

Authorize.Net is phasing out the MD5 based transHash element in favor of the SHA-256 based transHashSHA2. The setting in the Merchant Interface which controls the MD5 Hash option will be removed by the end of January 2019, and the transHash element will stop returning values at a later date to be determined.

We have identified that you have this feature configured and may be relying on MD5 based transHash in transaction responses for verifying the sender is Authorize.Net.

Please contact and work with your web developer or solutions provider to verify if you are still utilizing MD5 based hash and if still needed to move to SHA-256 hash via Signature Key.

Please refer your developer or solution provider to our Transaction Hash Upgrade Guide for more details and information on this change.


Josh

  • Support Staff

January 14, 2019 at 11:04 am

Hi there,

May I ask are you using SIM or AIM on your EE3 site? If you’re not sure, you go to Event Espresso > Payment Settings and check which of the two are activated?


Theodore Salamone

January 14, 2019 at 11:14 am

Josh, SIM gateway.


Josh

  • Support Staff

January 14, 2019 at 11:56 am

In that case, you’ll go to Event Espresso > Payment Settings > Authorize.net SIM settings and uncheck the box next to “use md5 check to secure payment response” then click the Update button.


Theodore Salamone

January 14, 2019 at 12:25 pm

Josh,

Thank you. The interesting thing is that the box was not checked to begin with, but I did have the MD5 key loaded. Authorize.net said that I was using the MD5, but that was either old info or they saw the key during transactions, even thought the box was not checked.


Josh

  • Support Staff

January 15, 2019 at 7:45 am

That’s strange, and maybe you should also remove the MD5 key from the settings page too.

You must be logged in to reply to this support post. Sign In or Register for an Account

Support forum for Event Espresso 3 and Event Espresso 4.
Documentation for EE3 and EE4
Documentation for Event Espresso 3

Documentation for Event Espresso 4

Status: publish

Updated by  Josh 4 days, 18 hours ago ago

Topic Tags

Notifications

This topic is: not resolved
Do NOT follow this link or you will be banned from the site!