WHM login password change page not working normally

Archmactrix

Well-Known Member
Jan 20, 2012
138
2
68
cPanel Access Level
Root Administrator
I'm not sure if this is a defect, or was caused by cookie and login security tweaks in WHM.

Earlier today when I was required to change my password because of my password change policy, the new password don't seem to have gotten through, even though the retyped new password on the password change page had matched.

I was just redirected to another page that said something about the old password not being the correct one, even though the old password had also had green checkmark.

I tried many times to request the login page directly or go through the password change again, and even clear the cookies, but without success.

But I did manage to do a shell root login (not directly) with the same old password and change it there, and then finally I could login to WHM.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,260
463
Hello :)

Please post the output of the following command:

Code:
cat /usr/local/cpanel/version
Also, do you notice any output to /usr/local/cpanel/logs/error_log when this behavior occurs?

Thank you.
 

Archmactrix

Well-Known Member
Jan 20, 2012
138
2
68
cPanel Access Level
Root Administrator
The version is 11.42.0.17 (Release, upgraded manually yesterday.

There is only this entry for the morning today:

securitypolicy: Called because of PasswordAge failing check.
I forgot to mention that after attempting to change the password but getting the error about the old password not being the correct one, even though the old password field had green checkmark, I typed random characters in the old password field in another attempt, just to see if the field got green checkmark, and it did.
 
Last edited:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,260
463
There are a couple of internal cases (83117, 87581) that might be related to the issue you have described. To help further narrow down the issue, please answer the following questions:

1. Does the existing password using the "@" symbol? If you manually change the password so that it does not use this symbol, do you still experience the same problem?

2. Is "Hide login password from cgi scripts" enabled in "WHM >> Tweak Settings"?

Thank you.
 

Archmactrix

Well-Known Member
Jan 20, 2012
138
2
68
cPanel Access Level
Root Administrator
There are a couple of internal cases (83117, 87581) that might be related to the issue you have described. To help further narrow down the issue, please answer the following questions:

1. Does the existing password using the "@" symbol? If you manually change the password so that it does not use this symbol, do you still experience the same problem?

2. Is "Hide login password from cgi scripts" enabled in "WHM >> Tweak Settings"?

Thank you.
1. I was not using the @ symbol, but other ones.
2. Yes, "Hide login password from cgi scripts" is enabled.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,260
463
Does disabling "Hide login password from cgi scripts" change the behavior when changing the password?

Thank you.