diff --git a/core/backend/src/main/java/io/dataease/auth/server/AuthServer.java b/core/backend/src/main/java/io/dataease/auth/server/AuthServer.java
index 08b74436f4..8ec0b31781 100644
--- a/core/backend/src/main/java/io/dataease/auth/server/AuthServer.java
+++ b/core/backend/src/main/java/io/dataease/auth/server/AuthServer.java
@@ -197,7 +197,8 @@ public class AuthServer implements AuthApi {
                 result.put("passwordModified", false);
                 result.put("defaultPwd", "dataease");
             }
-            if (!user.getIsAdmin() && user.getPassword().equals("83d923c9f1d8fcaa46cae0ed2aaa81b5")) {
+
+            if (!user.getIsAdmin() && user.getPassword().equals(CodingUtil.md5(DEFAULT_PWD))) {
                 result.put("passwordModified", false);
                 result.put("defaultPwd", DEFAULT_PWD);
             }
diff --git a/core/backend/src/main/java/io/dataease/service/sys/PluginService.java b/core/backend/src/main/java/io/dataease/service/sys/PluginService.java
index dad36645f5..f8ad81acf0 100644
--- a/core/backend/src/main/java/io/dataease/service/sys/PluginService.java
+++ b/core/backend/src/main/java/io/dataease/service/sys/PluginService.java
@@ -65,7 +65,7 @@ public class PluginService {
     }
 
     private void checkFileName(String fileName){
-        if(StringUtils.isEmpty(fileName) || !fileName.endsWith(".jar") || fileName.contains("../")){
+        if(StringUtils.isEmpty(fileName) || !fileName.endsWith(".zip") || fileName.contains("../")){
             DataEaseException.throwException("非法的文件名: " + fileName);
         }
     }