Password strength meets limits but fails

Discussion in 'General Discussion' started by pcgh, Jul 9, 2009.

  1. pcgh

    pcgh Active Member

    Joined:
    Jun 25, 2003
    Messages:
    41
    Likes Received:
    0
    Trophy Points:
    6
    One of my users brought to my attention an interesting item.... I have WHM set to enforce a password strength of 65 across the board for every item.

    If the user goes into their cPanel and tries to create an email account using a password in the following pattern:

    aaaa+aaaa#

    a = lower case alpha character (same as above example)
    + = special character "+"
    # = a number (e.g. "5")

    So they try to use a password something like this: bnhg+ijyf2

    The "Password Strength" indicator will show a strength of 82 / 100 and turns green. However, when the user then tries to create the account it returns an error saying, "Sorry, the password you selected cannot be used because it is too weak and would be too easy to crack. Please select a password with strength rating of 65 or higher."

    What's up with that? Any ideas? TIA!

    Tony

    cPanel / WHM Version: cPanel 11.24.4-S36281 - WHM 11.24.2 - X 3.9
     
  2. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,458
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Was your server ever on EDGE?
     
  3. pcgh

    pcgh Active Member

    Thank you for the reply, Kenneth. No, it was not - it has always been on the stable track, although it is a relatively new installation, having just been set up in the last month or so.

    Tony
     
  4. bhappy

    bhappy Registered

    Joined:
    Dec 13, 2005
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Hi,

    We have some of our clients complaining about the same issue on cPanel 11.24.4-RELEASE_36167. Password strength is set to 70 and cPanel doesn't let them reset a password even when the strength meter shows 80.

    Thanks.
     
  5. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    Sounds like you may have uncovered a bug ...

    If the code running the password checks doesn't match up to the
    code used in password generation scoring, they may have an issue.
    I would think they would call the same functions but maybe not.

    I have not observed the problem in EDGE which is what we use
    but I will try to see if I can duplicate the issue.

    As for you guys on STABLE and RELEASE, I would strongly advise
    you both to move up to CURRENT.

    STABLE is often far too old to be of much use and is the most
    prone to new exploits and attack methods and lacks new
    features and capabilities and is in some respects dangerous.

    RELEASE is only slightly better but not by much.

    CURRENT you get the updates for bug fixes reasonably quickly,
    most of the new features, and security updates.

    EDGE I don't recommend except for seasoned experts like myself
    who are capable of handling unexpected issues. This channel
    will give you all the very latest features and the fastest route
    for updates and ironically bug fixes but at the same time could
    have more unexpected issues to deal with too.
     
  6. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    This is an issue fixed in cPanel 11.25 (EDGE). In 11.24 and prior versions, the server-side checks were not governed by the same algorithm as the client-side checks. cPanel 11.25 harmonizes these into a unified system.
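
The mismatch described in the post above, as an added example that is not part of the thread and not cPanel's code: two constructed scorers (`clientScore` and `serverScore`, both hypothetical) disagree at the thread's threshold of 65, a differential check (`findPolicyDrift`, hypothetical) surfaces the disagreement, and a single shared scorer (`makePolicy`, hypothetical) removes it.

```javascript
// Constructed stand-ins for a client-side meter and a server-side check
// that have drifted apart. Neither is cPanel's real algorithm.

// Hypothetical client meter: rewards length and character-class variety.
function clientScore(pw) {
  const classes = [/[a-z]/, /[A-Z]/, /[0-9]/, /[^A-Za-z0-9]/]
    .filter((re) => re.test(pw)).length;
  return Math.min(100, pw.length * 4 + classes * 14);
}

// Hypothetical server check: same base score, minus a penalty for every
// run of four or more characters from a single class.
function serverScore(pw) {
  const runs = pw.match(/[a-z]{4,}|[A-Z]{4,}|[0-9]{4,}/g) || [];
  const penalty = runs.reduce((n, r) => n + r.length * 3, 0);
  return Math.max(0, clientScore(pw) - penalty);
}

// Differential check: return every input where the two sides disagree
// about whether the configured minimum strength is met.
function findPolicyDrift(passwords, minStrength, client, server) {
  return passwords
    .map((pw) => ({ pw, client: client(pw), server: server(pw) }))
    .filter((r) => (r.client >= minStrength) !== (r.server >= minStrength));
}

// Fix pattern: one scorer is the source of truth, and both the meter shown
// to the user and the enforcement decision are derived from it.
function makePolicy(score, minStrength) {
  return {
    meter: (pw) => score(pw),
    accept: (pw) => score(pw) >= minStrength,
  };
}

// Constructed sample inputs; the first is the example password from the thread.
const SAMPLES = ["bnhg+ijyf2", "Tr7+kq2#Zp", "password1", "abc"];

const drift = findPolicyDrift(SAMPLES, 65, clientScore, serverScore);
console.log(drift); // inputs the meter accepts but the server rejects

const policy = makePolicy(serverScore, 65);
console.log(SAMPLES.map((pw) => [pw, policy.meter(pw), policy.accept(pw)]));
```

Running a corpus like `SAMPLES` through `findPolicyDrift` in CI catches this class of bug whenever the two implementations cannot be merged into one.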
     
  7. pcgh

    pcgh Active Member

    Kenneth - Thanks for the update. Will look forward to that trickling down to the other versions.

    Spiral - I reckon we may have to consider switching to the CURRENT release. Many years ago we had some problems when using the newer builds and switched to STABLE simply to help avoid problems. But, as I say, that was years ago so it is probably time to move to try the more recent updates.

    Thanks!

    Tony
     
  8. gmm6797

    gmm6797 Member

    Joined:
    Jan 19, 2004
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    Is there any ETA as to when this will hit the CURRENT builds?
     
  9. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    The full feature set for 11.25 still hasn't merged into EDGE. Once that happens then migration to CURRENT will depend upon how quickly EDGE 'calms down.'
     