WHM login password change page not working normally

[Archmactrix]

I'm not sure if this is a defect, or was caused by cookie and login security tweaks in WHM.

Earlier today when I was required to change my password because of my password change policy, the new password don't seem to have gotten through, even though the retyped new password on the password change page had matched.

I was just redirected to another page that said something about the old password not being the correct one, even though the old password had also had green checkmark.

I tried many times to request the login page directly or go through the password change again, and even clear the cookies, but without success.

But I did manage to do a shell root login (not directly) with the same old password and change it there, and then finally I could login to WHM.

 

[cPanelMichael]

Hello

Please post the output of the following command:

cat /usr/local/cpanel/version

Also, do you notice any output to /usr/local/cpanel/logs/error_log when this behavior occurs?

Thank you.

 

[Archmactrix]

The version is 11.42.0.17 (Release, upgraded manually yesterday.

There is only this entry for the morning today:

securitypolicy: Called because of PasswordAge failing check.

I forgot to mention that after attempting to change the password but getting the error about the old password not being the correct one, even though the old password field had green checkmark, I typed random characters in the old password field in another attempt, just to see if the field got green checkmark, and it did.

 

[cPanelMichael]

There are a couple of internal cases (83117, 87581) that might be related to the issue you have described. To help further narrow down the issue, please answer the following questions:

1. Does the existing password using the "@" symbol? If you manually change the password so that it does not use this symbol, do you still experience the same problem?

2. Is "Hide login password from cgi scripts" enabled in "WHM >> Tweak Settings"?

Thank you.

 

[Archmactrix]

There are a couple of internal cases (83117, 87581) that might be related to the issue you have described. To help further narrow down the issue, please answer the following questions:

1. Does the existing password using the "@" symbol? If you manually change the password so that it does not use this symbol, do you still experience the same problem?

2. Is "Hide login password from cgi scripts" enabled in "WHM >> Tweak Settings"?

Thank you.

1. I was not using the @ symbol, but other ones.
2. Yes, "Hide login password from cgi scripts" is enabled.

 

[cPanelMichael]

Does disabling "Hide login password from cgi scripts" change the behavior when changing the password?

Thank you.