SOLVED WHM API createacct password problem

[DeadManWalking]

Try 1

1. WHM password strength: 65
2. password: 30y#C(6dG$Osi
3. createacct returns: "Password too weak!"

Try 2

1. WHM password strength: 50
2. password: 30y#C(6dG$Osi
3. createacct: OK! Account created.
4. Trying to access via FTP: 530 Login incorrect.
5. WHM > Account Functions > Password Modification > change password to 30y#C(6dG$Osi
6. Try FTP again: Success!

Try 3

1. WHM password strength: 50
2. Password: 6ZuCQieAC75oj0qE
3. createacct: OK! Account created.
4. FTP access: Success!

Problems:

• Strong passwords with special characters are considered weak when used in API, but they score 100% when I enter them in WHM password forms.
• After I lowered the strength, passwords with special characters are accepted in createacct, but somehow corrupted/changed so I can't use them (i.e. FTP login incorrect)

createacct only works when I use passwords without special characters

 

[cPanelLauren]

Hi @DeadManWalking

I've been trying to replicate this on my server to confirm your findings but I haven't been able to.

-The WHM default password strength is set to 65


- I used whmapi1 createacct and /scripts/createacct to create a new account with the password you noted:

whmapi1 createacct username=passtest1 domain=passtest1.com password='30y#C(6dG$Osi'
---
data:
  ip: <MyIP>
  nameserver: ns1.mynameserver.tld
  nameserver2: ns2.mynameserver.tld
  nameserver3: ''
  nameserver4: ''
  nameservera: ~
  nameservera2: ~
  nameservera3: ~
  nameservera4: ~
  nameserverentry: ~
  nameserverentry2: ~
  nameserverentry3: ~
  nameserverentry4: ~
  package: default
metadata:
  command: createacct
  output:
    raw: "Checking input data...Dns Zone check is enabled.\nValidating Username......Done\nValidating IP......Done\nValidating Contact Email......Done\n...Done\nValidating system setup......Done\nChecking for database conflicts......Done\nWWWAcct 12.6.0 (c) 2018 cPanel, Inc....\n\n+===================================+\n| New Account Info                  |\n+===================================+\n| Domain: passtest1.com\n| Ip: <MyIP> (n)\n| HasCgi: y\n| UserName: passtest1\n| PassWord: 30y#C(6dG$Osi\n| CpanelMod: paper_lantern\n| HomeRoot: /home\n| Quota: unlimited\n| NameServer1: ns1.MyNameserver.tld\n| NameServer2: ns2.MyNameserver.tld\n| NameServer3: \n| NameServer4: \n| Contact Email: \n| Package: default\n| Feature List: default\n| Language: en\n+===================================+\n...Done\nCustom Account Data Provided: no\nRunning pre creation script (/usr/local/cpanel/scripts/prewwwacct)......Done\nAdding User...Removing Shell Access (n)\nSuccess...Done\nAdding Entries to userdata......Done\nSetting up Mail & Local Domains...localdomains...valiases ...vdomainaliases ...vfilters ......Done\nConfiguring DNS...Zone passtest1.com has been successfully added\n...Done\nVerifying MX Records and Setting up Databases...Reconfiguring Mail Routing:\nLOCAL MAIL EXCHANGER: This server will serve as a primary mail exchanger for passtest1.com's mail.:\n This configuration has been manually selected.\n\n...Done\nUpdating Authentication Databases......Done\nAdding Entries to httpd.conf......Done\nSetting passwords......Done\nUpdating the userdata cache......Done\nSetting up Horde database in the background.......Done\nCreating bandwidth datastore......Done\nUpdating the dedicated IP address usage cache......Done\nGenerating and installing DKIM keys......Done\nEnabling Apache SpamAssassin™......Done\nSending Account Information......Done\nRunning post creation scripts (/usr/local/cpanel/scripts/legacypostwwwacct, /usr/local/cpanel/scripts/postwwwacct, /usr/local/cpanel/scripts/postwwwacctuser)......Done\nwwwacct creation finished\nSetting up Domain Pointers......Done\nSetting Reseller Privs......Done\nAccount Creation Complete!!!...Account Creation Ok...Done\n"
  reason: Account Creation Ok
  result: 1
  version: 1

[[email protected] dovecot]# /scripts/createacct passtest2.com passtest2 '30y#C(6dG$Osi'
+===================================+
| New Account Info                  |
+===================================+
| Domain: passtest2.com
| UserName: passtest2
| PassWord: 30y#C(6dG$Osi
+===================================+

This ok? y
Checking input data...Validating Username......Done
Validating IP......Done
Validating Contact Email......Done
...Done
Validating system setup......Done
Checking for database conflicts......Done
WWWAcct 12.6.0 (c) 2018 cPanel, Inc.......Done
Running pre creation script (/usr/local/cpanel/scripts/prewwwacct)...info [createacct] ---debug_hooks---
info [createacct]             msg: No hooks found for traversed context
info [createacct]         context: Whostmgr::Accounts::Create
info [createacct]           stage: pre
...Done
Adding User......Done
Adding Entries to userdata......Done
Setting up Mail & Local Domains......Done
Configuring DNS......Done
Verifying MX Records and Setting up Databases......Done
Updating Authentication Databases......Done
Adding Entries to httpd.conf......Done
Setting passwords......Done
Updating the userdata cache......Done
Setting up Horde database in the background.......Done
Creating bandwidth datastore......Done
Updating the dedicated IP address usage cache......Done
Generating and installing DKIM keys......Done
Enabling Apache SpamAssassin™......Done
Sending Account Information......Done
Running post creation scripts (/usr/local/cpanel/scripts/legacypostwwwacct, /usr/local/cpanel/scripts/postwwwacct, /usr/local/cpanel/scripts/postwwwacctuser)...info [createacct] ---debug_hooks---
info [createacct]             msg: No hooks found for traversed context
info [createacct]         context: Whostmgr::Accounts::Create
info [createacct]           stage: post
...Done
Setting up Domain Pointers......Done
Setting Reseller Privs......Done
Account Creation Complete!!!......Done
Account Creation Ok
Dns Zone check is enabled.


+===================================+
| New Account Info                  |
+===================================+
| Domain: passtest2.com
| Ip: <MyIP> (n)
| HasCgi: y
| UserName: passtest2
| PassWord: 30y#C(6dG$Osi
| CpanelMod: paper_lantern
| HomeRoot: /home
| Quota: 0 bytes
| NameServer1: ns1.mydomain.tld
| NameServer2: ns2.mydomain.tld
| NameServer3:
| NameServer4:
| Contact Email:
| Package: default
| Feature List: default
| Language: en
+===================================+
Custom Account Data Provided: no
Adding Shell Access (y)
Successlocaldomains...valiases ...vdomainaliases ...vfilters ...Zone passtest2.com has been successfully added
Reconfiguring Mail Routing:
LOCAL MAIL EXCHANGER: This server will serve as a primary mail exchanger for passtest2.com's mail.:
 This configuration has been manually selected.

wwwacct creation finished
Account Creation Ok

- Tested connecting via FTP:

tatus:          Connection established, waiting for welcome message...
Response:     220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Response:     220-You are user number 1 of 50 allowed.
Response:     220-Local time is now 12:09. Server port: 21.
Response:     220-This is a private system - No anonymous login
Response:     220-IPv6 connections are also welcome on this server.
Response:     220 You will be disconnected after 15 minutes of inactivity.
Command:    AUTH TLS
Response:     234 AUTH TLS OK.
Status:          Initializing TLS...
Status:          Verifying certificate...
Status:          TLS connection established.
Command:    USER passtest1
Response:     331 User passtest1 OK. Password required
Command:    PASS *************
Response:     230 OK. Current restricted directory is /
Command:    OPTS UTF8 ON
Response:     200 OK, UTF-8 enabled
Command:    PBSZ 0
Response:     200 PBSZ=0
Command:    PROT P
Response:     200 Data protection level set to "private"
Status:          Logged in
Status:          Retrieving directory listing...
Command:    PWD
Response:     257 "/" is your current location
Status:          Directory listing of "/" successful

tatus:          Connection established, waiting for welcome message...
Response:     220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Response:     220-You are user number 1 of 50 allowed.
Response:     220-Local time is now 12:09. Server port: 21.
Response:     220-This is a private system - No anonymous login
Response:     220-IPv6 connections are also welcome on this server.
Response:     220 You will be disconnected after 15 minutes of inactivity.
Command:    AUTH TLS
Response:     234 AUTH TLS OK.
Status:          Initializing TLS...
Status:          Verifying certificate...
Status:          TLS connection established.
Command:    USER passtest1
Response:     331 User passtest1 OK. Password required
Command:    PASS *************
Response:     230 OK. Current restricted directory is /
Command:    OPTS UTF8 ON
Response:     200 OK, UTF-8 enabled
Command:    PBSZ 0
Response:     200 PBSZ=0
Command:    PROT P
Response:     200 Data protection level set to "private"
Status:          Logged in
Status:          Retrieving directory listing...
Command:    PWD
Response:     257 "/" is your current location
Status:          Directory listing of "/" successful

But as you can see I didn't experience any issues with the password so I wasn't able to replicate. Can you let me know if I missed a step by chance?


Thanks!

 

[DeadManWalking]

Hi Lauren,
What is your query string look like when you use WHM API 1?

https://11.22.33.44:2087/json-api/createacct?api.version=1&username=user&domain=example.com&plan=default&featurelist=default&password=30y#C(6dG$Osi&contactemail=user%40mydomain.com

Do I need to encode the password when used in the query string?

 

[24x7server]

Hi,

You need to escape t he special characters when using them on the bash shell. Special characters are treated differently. You can use Single or Double quotes to escape the password you pass in the WHMAPI.

 

[DeadManWalking]

URL encoding the password solved the problem.
Thank you!

 

[cPanelLauren]

Hi @DeadManWalking


I'm really glad to hear that you were able to find the resolution. Thank you for letting us know!