Disclaimer: You are looking at a post I wrote some time ago. The information and opinions contained within may be outdated and may differ from my current views. Please proceed accordingly.

When You Control the Database, You Control the Passwords

Jul 26, 2005 2:13 PM

jkx discusses how he recovered a lost wiki password (his wiki does not store the password itself, only a SHA hash of it, so there is nothing to "decrypt"):

  • add a user w/ a new login/password.
  • just edit the old login account file (in users/)
  • change the password w/ the SHA key of the new user
  • login :)

But, more ominously, you can use the same trick to get into anyone's account if you're a shady administrator, or anyone else with write access to the user table, because you never need to know the hashing scheme: you just copy a hash whose password you already know.

  • add a user w/ a new login/password
  • log in to the database
  • copy the person's old password hash somewhere
  • change the password hash in the person's row to the new user's hash
  • log in as that person with the new user's password
  • do evil stuff
  • change the person's password hash back to the saved value, so the owner never sees a failed login

Another good one, if the site has a password-recovery system, is to hijack the recovery mail. If the site stores the password reversibly ("encrypted" rather than hashed) and mails it back, this reveals the actual password; if it only stores a hash, the recovery mail can at best carry a reset link, which still gets you into the account but tells you nothing about the original password:

  • log in to the database
  • copy the person's email address somewhere
  • change the person's email address to your own
  • do the "forgot password" on the website for that username; the recovery mail (the password or a reset link) is sent to you instead
  • change the person's email address back to what it was before
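The two procedures above, the hash swap and the e-mail swap, written out against a small SQLite user table. This is an added example, not code from the original post or from jkx's wiki; the table layout, the unsalted SHA-1 scheme (mirroring the "SHA key" of a 2005 wiki, not a recommendation), the `forgot_password` stub that only reports where the recovery mail would go, and the audit triggers are all assumptions made for the demonstration. The audit table is the check a site operator would want: both attacks restore the row to its original value, but the two UPDATEs each leave a record.

```python
import hashlib
import hmac
import sqlite3


def sha1_hex(password: str) -> str:
    """Unsalted SHA-1, as the wiki in the post used. Assumed scheme, not advice."""
    return hashlib.sha1(password.encode()).hexdigest()


def setup_db() -> sqlite3.Connection:
    """Constructed in-memory user table with one victim account and an audit
    trigger on the two columns the post's tricks modify (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE users (login TEXT PRIMARY KEY, email TEXT, pw_hash TEXT);
        CREATE TABLE audit (
            id INTEGER PRIMARY KEY, login TEXT, col TEXT,
            old_value TEXT, new_value TEXT
        );
        CREATE TRIGGER audit_pw AFTER UPDATE OF pw_hash ON users BEGIN
            INSERT INTO audit(login, col, old_value, new_value)
            VALUES (OLD.login, 'pw_hash', OLD.pw_hash, NEW.pw_hash);
        END;
        CREATE TRIGGER audit_email AFTER UPDATE OF email ON users BEGIN
            INSERT INTO audit(login, col, old_value, new_value)
            VALUES (OLD.login, 'email', OLD.email, NEW.email);
        END;
        """
    )
    conn.execute("INSERT INTO users VALUES (?, ?, ?)",
                 ("alice", "alice@example.org", sha1_hex("correct horse")))
    conn.commit()
    return conn


def check_login(conn: sqlite3.Connection, login: str, password: str) -> bool:
    """What the application's login form does: hash and compare."""
    row = conn.execute("SELECT pw_hash FROM users WHERE login = ?", (login,)).fetchone()
    return row is not None and hmac.compare_digest(row[0], sha1_hex(password))


def forgot_password(conn: sqlite3.Connection, login: str) -> str:
    """Stand-in for the site's recovery feature: returns the address the
    recovery mail would be sent to. No mail is sent (constructed stub)."""
    return conn.execute("SELECT email FROM users WHERE login = ?", (login,)).fetchone()[0]


def hash_swap_attack(conn: sqlite3.Connection, victim: str, attacker_password: str) -> bool:
    """The post's first trick. Creating a fresh account and copying its hash
    means the attacker never needs to know how the site hashes passwords."""
    conn.execute("INSERT INTO users VALUES (?, ?, ?)",
                 ("mallory", "mallory@example.net", sha1_hex(attacker_password)))
    old_hash = conn.execute("SELECT pw_hash FROM users WHERE login = ?", (victim,)).fetchone()[0]
    new_hash = conn.execute("SELECT pw_hash FROM users WHERE login = 'mallory'").fetchone()[0]
    conn.execute("UPDATE users SET pw_hash = ? WHERE login = ?", (new_hash, victim))
    got_in = check_login(conn, victim, attacker_password)   # "login"
    conn.execute("UPDATE users SET pw_hash = ? WHERE login = ?", (old_hash, victim))  # cover tracks
    conn.commit()
    return got_in


def email_swap_attack(conn: sqlite3.Connection, victim: str, attacker_email: str) -> str:
    """The post's second trick: redirect the recovery mail, then restore.
    Returns where the recovery mail actually went."""
    old_email = conn.execute("SELECT email FROM users WHERE login = ?", (victim,)).fetchone()[0]
    conn.execute("UPDATE users SET email = ? WHERE login = ?", (attacker_email, victim))
    sent_to = forgot_password(conn, victim)
    conn.execute("UPDATE users SET email = ? WHERE login = ?", (old_email, victim))
    conn.commit()
    return sent_to


def audit_trail(conn: sqlite3.Connection, login: str) -> list:
    """What an operator sees afterwards: every column change, in order."""
    return conn.execute(
        "SELECT col, old_value, new_value FROM audit WHERE login = ? ORDER BY id", (login,)
    ).fetchall()


if __name__ == "__main__":
    db = setup_db()
    print("hash swap got in:", hash_swap_attack(db, "alice", "mallory-pw"))
    print("recovery mail went to:", email_swap_attack(db, "alice", "mallory@example.net"))
    for entry in audit_trail(db, "alice"):
        print("audit:", entry)
```

After both attacks the victim's row is byte-for-byte what it was, and the original password still works, which is exactly why the owner never notices. The audit table is the only evidence: four rows for the victim, two password-hash changes and two e-mail changes, each a change-and-revert pair that no legitimate workflow produces. Logging writes to those columns somewhere the database administrator cannot silently edit is the cheapest detection a site can buy.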

Morals of the story: hire ethical people, don't piss off geeks, and don't use the same password on multiple sites.
