Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

SOLVED Valid Email Account Password Characters

Discussion in 'E-mail Discussion' started by swbrains, Mar 1, 2018.

Tags:
  1. swbrains

    swbrains Well-Known Member

    Joined:
    Sep 13, 2006
    Messages:
    132
    Likes Received:
    16
    Trophy Points:
    168
    Hi,

    Does anyone know which characters are valid (or better yet invalid) for an email account password. Apparently a couple of the passwords I tested had invalid characters. I was able to use the API to set the password, but entering it during login said invalid login. When I removed the symbols like * ; and , and used an @ symbol, it worked properly.

    I was just wondering if there's an explicit list of characters to avoid for passwords so I can trap for it in my app before submitting the new password to the API.

    Thanks!
     
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,749
    Likes Received:
    1,885
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    Could you let us know what method you are using to login to the email account? For instance, did this happen with a specific email client, or can you reproduce it everywhere (e.g. Roundcube, Horde)?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. swbrains

    swbrains Well-Known Member

    Joined:
    Sep 13, 2006
    Messages:
    132
    Likes Received:
    16
    Trophy Points:
    168
    Hi,

    This was logging in via the browser using the RoundCube webmail client.
     
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,749
    Likes Received:
    1,885
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    Could you open a support ticket using the link in my signature so we can take a closer look? This isn't something I've been able to reproduce on a test system.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. swbrains

    swbrains Well-Known Member

    Joined:
    Sep 13, 2006
    Messages:
    132
    Likes Received:
    16
    Trophy Points:
    168
    Thanks for looking at it. Since I'm not able to provide access to my server, I won't open a ticket via WHM as support will surely ask for access, especially since you couldn't duplicate it. This was reported to me by a customer and I duplicated her experience trying to log into the same webmail account. Her password (a test password) was in the form: x;um2`*TR
    My guess was that the semicolon, backtick, or asterisk was the problem, but I didn't test individually which one caused the issue. I just removed them all and added in an @ symbol and it worked fine. Resetting the password to the one above failed again.

    Perhaps the problem has to do with the way I update the password via the API. I use a command in my script like this:
    $URI = "$g_cpanelapiurl/Email/passwd_pop?email=$popuser&domain=$host&password=$poppass";

    Perhaps special characters require some type of encoding since they're being used in a URL?
     
  6. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,744
    Likes Received:
    110
    Trophy Points:
    343
    cPanel Access Level:
    Root Administrator
    Chances are it's with the API call you used - although I'm not exactly sure what API system you are using.

    You probably need to URI encode that values that you are passing in order for them to be read properly. If you are passing them just in plaintext, it's probably not reading the full value that you are passing.
     
  7. swbrains

    swbrains Well-Known Member

    Joined:
    Sep 13, 2006
    Messages:
    132
    Likes Received:
    16
    Trophy Points:
    168
    Thanks. I believe that is probably the case. The API I am using is the UAPI Function: Email::passwd_pop

    http://[domain]:2082/execute/Email/passwd_pop?[parameters]

    I have tried the following characters without encoding and they seem to work:

    A - Z, a - z, 0 - 9, and the symbols: @ $ _ ~ # - ! $ % ^ ( )
     
  8. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,749
    Likes Received:
    1,885
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    Yes, it's important to URI-encode the values to avoid issues like the one you described (it may work without encoding in some cases, but it's generally a good practice to a URI encode the values to avoid these types of issues). I confirmed the specific password you provided as an example needs to be URI-encoded during the UAPI password call (not when authenticating). For example, the "x;um2`*TR" password should be written like this:

    Code:
    %20x%3Bum2%60*TR
    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. swbrains

    swbrains Well-Known Member

    Joined:
    Sep 13, 2006
    Messages:
    132
    Likes Received:
    16
    Trophy Points:
    168
    Thanks!
     
    cPanelMichael likes this.
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice