The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Password security check failing when creating new FTP account

Discussion in 'Security' started by Dennis Heuer, Sep 22, 2015.

  1. Dennis Heuer

    Dennis Heuer Registered

    Joined:
    Sep 22, 2015
    Messages:
    2
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Germany
    cPanel Access Level:
    Website Owner
    Hello,

    I tried to create a test-ftp-account to check out something. That's why I chose a simple and very weak password, namely §§§§§. The password check showed green 100%, but as I clicked the button, a red warning mourned about the password and didn't let me - for good. However, there's something wrong with the password check.

    Dennis
     
    Jcats likes this.
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,447
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    What's the issue you're having exactly?
     
  3. Dennis Heuer

    Dennis Heuer Registered

    Joined:
    Sep 22, 2015
    Messages:
    2
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Germany
    cPanel Access Level:
    Website Owner
    The issue is in the contradiction between the green 100% bar and the red alert box telling me that the password is bad. It's a software-ergonomic issue of miscommunication and irritation by two mismatching elements of the same form.

    Got the Point! The sentence you quotet only was a reflection of the described situation, no new subject!
     
    #3 Dennis Heuer, Sep 24, 2015
    Last edited by a moderator: Sep 24, 2015
  4. Jcats

    Jcats Well-Known Member

    Joined:
    May 25, 2011
    Messages:
    275
    Likes Received:
    31
    Trophy Points:
    28
    Location:
    New Jersey
    cPanel Access Level:
    DataCenter Provider
    Dennis,

    I see what your saying, not sure how it was misinterpreted but Ill post a screenshot to help those understand the situation better.

    s3.amazonaws.com/uploads.hipchat.com/31137/205915/mLdVCdyPhdRPJO6/upload.png
     
    #4 Jcats, Sep 24, 2015
    Last edited by a moderator: Sep 24, 2015
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    650
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    I believe an internal case was opened for this issue in the past (FB-71929). The issue in that case was that the password strength meter incorrectly finds strong passwords as weak ones, but it's basically the same issue. Per that case, it was determined that the password generator was not designed to create cryptographically strong passwords, but instead it was designed to create passwords that appear strong according to conventional wisdom. The best way to address this issue would be to open a feature request for a password generator that's more cryptographically sound. Here is one that's open now:

    https://features.cpanel.net/topic/better-password-strength-checker

    Thank you.
     
Loading...

Share This Page