Webmail password strength bug

Lethe

Member
Jun 17, 2017
10
2
3
Here
cPanel Access Level
Website Owner
Hello,

While trying to access webmail (cPanel -> Mail accounts -> webmail) for a specific account, I get the following:
Your password does not meet the strength requirements, you must change it now to avoid having your account compromised.​

Since I have multiple clients using IMAP, I'd rather not reset the password to break them then get blocked for failed logins. So I decide to try to enter the old password as new password. Of course, it won't let me and asks for a new password.

However, when entering the old password as the new one, the strength is "Strong" with 87/100.

So why is it forcing me to change the password because of strength requirements all the while claiming it's strong enough?

cPanel version: 70.0 (build 48)

Any help appreciated.
 

Lethe

Member
Jun 17, 2017
10
2
3
Here
cPanel Access Level
Website Owner
Since I can't edit this post (claims it's spam):
I reset the password through WHMCS, and it worked. I still get the same prompt in webmail though.
 

cPanelLauren

Forums Analyst II
Staff member
Nov 14, 2017
8,124
663
263
Houston
cPanel Access Level
DataCenter Provider
Hi @Lethe

Thank you again. I'm trying to replicate the password strength discrepancy but finding I'm unable to. I've set the password strength to default (65) and I've enabled the password strength security policy. I then went to log in to one of my accounts which has a password weaker than 65 and it re-routed me to the interface with to change my password. The only thing is, I couldn't get it to fail or not allow a password which met the strength requirements.