Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Webmail password strength bug

Discussion in 'E-mail Discussion' started by Lethe, Jun 7, 2018.

  1. Lethe

    Lethe Member

    Joined:
    Jun 17, 2017
    Messages:
    10
    Likes Received:
    2
    Trophy Points:
    3
    Location:
    Here
    cPanel Access Level:
    Website Owner
    Hello,

    While trying to access webmail (cPanel -> Mail accounts -> webmail) for a specific account, I get the following:
    Your password does not meet the strength requirements, you must change it now to avoid having your account compromised.​

    Since I have multiple clients using IMAP, I'd rather not reset the password to break them then get blocked for failed logins. So I decide to try to enter the old password as new password. Of course, it won't let me and asks for a new password.

    However, when entering the old password as the new one, the strength is "Strong" with 87/100.

    So why is it forcing me to change the password because of strength requirements all the while claiming it's strong enough?

    cPanel version: 70.0 (build 48)

    Any help appreciated.
     
  2. Lethe

    Lethe Member

    Joined:
    Jun 17, 2017
    Messages:
    10
    Likes Received:
    2
    Trophy Points:
    3
    Location:
    Here
    cPanel Access Level:
    Website Owner
    Since I can't edit this post (claims it's spam):
    I reset the password through WHMCS, and it worked. I still get the same prompt in webmail though.
     
  3. cPanelLauren

    cPanelLauren Forums Analyst II
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    3,838
    Likes Received:
    276
    Trophy Points:
    193
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @Lethe

    Can you tell me what you have set for Password Strength at WHM>>Security Center >>Password Strength Configuration? A screenshot of the UI would be helpful.

    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. Lethe

    Lethe Member

    Joined:
    Jun 17, 2017
    Messages:
    10
    Likes Received:
    2
    Trophy Points:
    3
    Location:
    Here
    cPanel Access Level:
    Website Owner
    Hi Lauren, attached is the screenshot.

    Thanks!
     

    Attached Files:

  5. cPanelLauren

    cPanelLauren Forums Analyst II
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    3,838
    Likes Received:
    276
    Trophy Points:
    193
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @Lethe

    Thank you for that, I'm trying to understand why you would get that notification on an existing account (so I can attempt to replicate the issue) so please bear with me. Which if any security policy Items do you have enabled at WHM>>Security Center>>Configure Security Policies

    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. Lethe

    Lethe Member

    Joined:
    Jun 17, 2017
    Messages:
    10
    Likes Received:
    2
    Trophy Points:
    3
    Location:
    Here
    cPanel Access Level:
    Website Owner
    Here you go!
     

    Attached Files:

  7. cPanelLauren

    cPanelLauren Forums Analyst II
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    3,838
    Likes Received:
    276
    Trophy Points:
    193
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @Lethe

    Thank you again. I'm trying to replicate the password strength discrepancy but finding I'm unable to. I've set the password strength to default (65) and I've enabled the password strength security policy. I then went to log in to one of my accounts which has a password weaker than 65 and it re-routed me to the interface with to change my password. The only thing is, I couldn't get it to fail or not allow a password which met the strength requirements.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice