Support » Plugin: YITH WooCommerce Authorize.net Payment Gateway » Authorize.Net is phasing out the MD5 based transHash

  • Resolved SandyMe

    (@sandyme)


    I received this from Authorize.net and don’t know what to do…..

    Authorize.Net is phasing out the MD5 based transHash element in favor of the SHA-256 based transHashSHA2. The setting in the Merchant Interface which controls the MD5 Hash option will be removed by the end of January 2019, and the transHash element will stop returning values at a later date to be determined.

    We have identified that you have this feature configured and may be relying on MD5 based transHash in transaction responses for verifying the sender is Authorize.Net.

    Please contact and work with your web developer or solutions provider to verify if you are still utilizing MD5 based hash and if still needed to move to SHA-256 hash via Signature Key.

    Please refer your developer or solution provider to our Transaction Hash Upgrade Guide for more details and information on this change.

Viewing 15 replies - 1 through 15 (of 17 total)
  • Becky Melton

    (@beckymelton1949)

    Any word on this? Is our cart going to stop working?

    • This reply was modified 1 year ago by Becky Melton. Reason: add tags
    SandyMe

    (@sandyme)

    I sure hope we can find a solution without switching plugins.

    davidreedernst

    (@davidreedernst)

    I’ve got a client wondering the same thing. I can dig through the code and try to figure out, but I’d much rather hear an official word from the authors.

    bryanlopez

    (@bryanlopez)

    I have the same question, any solution? what do we have to do??

    heroagency

    (@heroagency)

    Bump. Same issue. Authorize says they’ll drop support for MD5 at the end of this month (9 days from now).

    dncreative

    (@dncreative)

    bump!

    My client is also asking about this. Is this an issue? Does the plugin use Md5? Can someone please help? thank you~

    This is kind of a big deal. Is anyone going to respond to this? I have a client using a different Authorize.net plugin with the same issue.

    earthnutvt, Which plugin are you using?

    In the past, I’ve had great experiences with YITH themes and plugin support. Not sure what’s going on now.

    • This reply was modified 11 months, 3 weeks ago by SandyMe.
    Plugin Author YITHEMES

    (@yithemes)

    Hello there,

    I am sorry for the long delay. We wanted to accurately check the new feature and follow development status.

    First of all, I’d like to assure you that we will release an update soon that removes any check over MD5 hash. This should be enough to make the plugin work with any transaction, both with the new and current API set. Next update should be released at most tomorrow so, please, stay tuned.

    Support to transHashSHA2 is completely a different story instead. We’re working on implementing it since it offers an additional layer of security for our customers. Anyway, for what I have experienced, the service is currently not in a complete working status. We do not receive transHashSHA2 on some responses, making the check impossible, and even when we receive it, it is difficult to validate it as suggested by Authorize. We hope that Authorize will release a developer guide soon, that fully covers all possible cases, yet, at the moment, I’m afraid we won’t be able to implement this feature within the next update. In any case, this won’t cause any problem to users running the latest version of our plugin. When the integration will be ready and working, we will simply release it with an update so anyone will be able to enjoy it. We hope to release this update on the early days of February.

    If you have any other questions, don’t hesitate to contact us, we’ll be happy to help you.

    Have a good day.

    Thank you.

    For anyone worried that the MD5 hash is going to stop working TODAY and your site will be broken, re-read the sentence in the warning received from Authorize.net that includes “and the transHash element will stop returning values at a later date to be determined”.

    To me, that means those of us already using it have some time. So I think a few days is well within reason and I’m not going to panic.

    The orders on my website completed just fine after the plugin update. Thank you!

    Plugin Author YITHEMES

    (@yithemes)

    Hi there,
    hope you are doing well! ๐Ÿ™‚

    We are glad to know that all is working properly. We are happy to help you with anything you need and don’t hesitate to contact us.

    Have a nice day!

    I have posted in the other request for help but no help yet
    When a customer orders from my site they get a error
    ( Unpaid order cancelled โ€“ time limit reached. Order status changed from Pending payment to Cancelled. ) this error is being sent regardless if a customer credit card is approved or denied. I get notification from Authorize thru e-mail telling me it was ether approved or denied then I must go into my site and change there order from canceled to processing. Some customers have ordered 2 or 3 times because they did not think there order went thru and then I half to refund some of there order and that cost me $$$ also.
    Any help please is there some settings to change or am I stuck for now
    Thanks

    Here’s my latest message from authorize.net. If there’s anything I need to worry about, I’d appreciate knowing. I have the latest version of WP and all plugins.
    ……………………………………………….
    Today weโ€™re announcing final phase 2 dates when the gateway will stop populating the MD5 hash value.

    Phase 1 Complete
    Phase 2 – Stop sending the MD5 Hash data element in the API response. To continue verifying via hash, this will require applications to support the SHA-512 hash via signature key.
    Sandbox will be updated on March 7, 2019 to stop populating the MD5 Hash value, the field will still be present but empty.
    Production will be updated on March 14, 2019 to stop populating the MD5 Hash value, the field will still be present but empty.

    We have updated documentation on our developer center, posted sample code on Github, and will have SDK updates completed by end of February.

    Please refer to our support article: MD5 Hash End of Life & Signature Key Replacement for more details and information on this change.

    Thank you for your attention to this matter and for being an Authorize.Net merchant.

    Sincerely,
    Authorize.Net

Viewing 15 replies - 1 through 15 (of 17 total)
  • The topic ‘Authorize.Net is phasing out the MD5 based transHash’ is closed to new replies.