diff --git a/pandora_console/include/auth/mysql.php b/pandora_console/include/auth/mysql.php
index 9b41f10975..dffe9cb5cc 100644
--- a/pandora_console/include/auth/mysql.php
+++ b/pandora_console/include/auth/mysql.php
@@ -168,13 +168,17 @@ function process_user_login_local($login, $pass, $api=false, $passAlreadyEncrypt
 $row = db_get_row_sql($sql);
- // Perform password check whether it is MD5-hashed (old hashing) or Bcrypt-hashed.
- if (strlen($row['password']) === 32) {
- // MD5.
- $credentials_check = $row !== false && $row['password'] !== md5('') && $row['password'] == md5($pass);
+ if ($passAlreadyEncrypted) {
+ $credentials_check = $pass === $row['password'];
 } else {
- // Bcrypt.
- $credentials_check = password_verify($pass, $row['password']);
+ // Perform password check whether it is MD5-hashed (old hashing) or Bcrypt-hashed.
+ if (strlen($row['password']) === 32) {
+ // MD5.
+ $credentials_check = $row !== false && $row['password'] !== md5('') && $row['password'] == md5($pass);
+ } else {
+ // Bcrypt.
+ $credentials_check = password_verify($pass, $row['password']);
+ }
 }
 if ($credentials_check === true) {
diff --git a/pandora_console/operation/users/user_edit.php b/pandora_console/operation/users/user_edit.php
index 2dd991e3b4..f77a5dfa49 100644
--- a/pandora_console/operation/users/user_edit.php
+++ b/pandora_console/operation/users/user_edit.php
@@ -269,26 +269,29 @@ $user_id = '
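Review bot: In `process_user_login_local`, the new `$passAlreadyEncrypted` branch reads `$row['password']` without the `$row !== false` guard that the MD5 branch keeps, and it compares the stored hash with `===`, which is not a constant-time comparison. With the flag set, the stored hash itself is accepted as the credential, so anyone who can read the hash can authenticate with it; the callers that set the flag are outside this hunk and should be confirmed to be internal only, never driven by request input. I would write the line as `$credentials_check = $row !== false && is_string($pass) && $pass !== '' && hash_equals((string) $row['password'], $pass);` and put a comment above it naming the trusted caller that passes an already-hashed value. The function body starts and ends outside the hunk.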

'.__('U $user_id .= ''.$id.'

'; $user_id .= '

'.__('API Token').'

';
-$user_id .= html_print_anchor(
- [
- 'onClick' => sprintf(
- 'javascript:renewAPIToken(\'%s\', \'%s\', \'%s\')',
- __('Warning'),
- __('The API token will be renewed. After this action, the last token you were using will not work. Are you sure?'),
- 'user_profile_form',
- ),
- 'content' => html_print_image(
- 'images/icono-refrescar.png',
- true,
- [
- 'class' => 'renew_api_token_image clickable',
- 'title' => __('Renew API Token'),
- ]
- ),
- 'class' => 'renew_api_token_link',
- ],
- true
-);
+if (is_management_allowed()) {
+ $user_id .= html_print_anchor(
+ [
+ 'onClick' => sprintf(
+ 'javascript:renewAPIToken(\'%s\', \'%s\', \'%s\')',
+ __('Warning'),
+ __('The API token will be renewed. After this action, the last token you were using will not work. Are you sure?'),
+ 'user_profile_form',
+ ),
+ 'content' => html_print_image(
+ 'images/icono-refrescar.png',
+ true,
+ [
+ 'class' => 'renew_api_token_image clickable',
+ 'title' => __('Renew API Token'),
+ ]
+ ),
+ 'class' => 'renew_api_token_link',
+ ],
+ true
+ );
+}
+
 // Check php conf for header auth.
 $lines = file('/etc/httpd/conf.d/php.conf');
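Review bot: The `is_management_allowed()` check added around `html_print_anchor()` only hides the renew link; it does not by itself stop a renewal request. The handler that `renewAPIToken(...)` submits `user_profile_form` to is not in this hunk, so confirm it applies the same check server-side before issuing a new token, otherwise the restriction is cosmetic. A comment above the `if` would record the intent, e.g. `// Renew link is shown only when management is allowed; the renewal handler must enforce the same check.`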