[Case 46864] Webmail Security Policy Manager - Missing passbar directory

sparek-3

Well-Known Member
Aug 10, 2002
2,021
226
368
cPanel Access Level
Root Administrator
There seem to be some problems with the Security Policy Manager for Webmail using the latest Release of cPanel.

I am noting this error in the build:

11.28.76-RELEASE_51149

From the access_log it looks like the passbar directory is missing.

/usr/local/cpanel/base/unprotected/passbar

appears to be a missing symlink.

I am not sure where the passbar directory is suppose to come from. I have fixed the issue by:

Code:
cd /usr/local/cpanel/whostmgr/docroot/
ln -s ../../base/frontend/x3/passbar ./
This is grabbing the passbar directory from the x3 theme directory. I'm not sure if that is where the data is suppose to come from or not.

Anybody else noticing this error?

To duplicate, create a mail account and set the password for the mail account to a weak password (you may have to temporarily disable password strength to do this, but then re-enable it). Then log into webmail for the account using the weak password. You should be prompted that your password is too weak. But the Generate Password button will not work and the password will not change. Once the passbar symlink is working, this page seems to work.
 

sparek-3

Well-Known Member
Aug 10, 2002
2,021
226
368
cPanel Access Level
Root Administrator
This also does not work for reseller's WHMs. The security policy page, after submitting complains:

Code:
failed: missing arguments current_password
I am not sure where this bit of code is, or what to change.

To duplicate this, set a reseller's password to a weak password, then log into that reseller's WHM. You'll get the security policy page asking them to reset their password, but you won't be able to change the password.

It looks like the whole Password Strength Security Policy system needs to be audited and made sure that every aspect works.