Valid Email Account Password Characters

swbrains

• March 01, 2018 14:53

Hi, Does anyone know which characters are valid (or better yet invalid) for an email account password. Apparently a couple of the passwords I tested had invalid characters. I was able to use the API to set the password, but entering it during login said invalid login. When I removed the symbols like * ; and, and used an @ symbol, it worked properly. I was just wondering if there's an explicit list of characters to avoid for passwords so I can trap for it in my app before submitting the new password to the API. Thanks!

• 

  cPanelMichael

  • March 01, 2018 20:09

  Apparently a couple of the passwords I tested had invalid characters. I was able to use the API to set the password, but entering it during login said invalid login. When I removed the symbols like * ; and, and used an @ symbol, it worked properly.

  
  Hello, Could you let us know what method you are using to login to the email account? For instance, did this happen with a specific email client, or can you reproduce it everywhere (e.g. Roundcube, Horde)? Thank you.

  0
• 

  swbrains

  • March 01, 2018 20:23

  Hi, This was logging in via the browser using the RoundCube webmail client.

  0
• 

  cPanelMichael

  • March 01, 2018 20:40

  Hello, Could you open a support ticket using the link in my signature so we can take a closer look? This isn't something I've been able to reproduce on a test system. Thank you.

  0
• 

  swbrains

  • March 01, 2018 21:18

  Thanks for looking at it. Since I'm not able to provide access to my server, I won't open a ticket via WHM as support will surely ask for access, especially since you couldn't duplicate it. This was reported to me by a customer and I duplicated her experience trying to log into the same webmail account. Her password (a test password) was in the form: x;um2`*TR My guess was that the semicolon, backtick, or asterisk was the problem, but I didn't test individually which one caused the issue. I just removed them all and added in an @ symbol and it worked fine. Resetting the password to the one above failed again. Perhaps the problem has to do with the way I update the password via the API. I use a command in my script like this: $URI = "$g_cpanelapiurl/Email/passwd_pop?email=$popuser&domain=$host&password=$poppass"; Perhaps special characters require some type of encoding since they're being used in a URL?

  0
• 

  sparek-3

  • March 02, 2018 00:35

  Chances are it's with the API call you used - although I'm not exactly sure what API system you are using. You probably need to URI encode that values that you are passing in order for them to be read properly. If you are passing them just in plaintext, it's probably not reading the full value that you are passing.

  0
• 

  swbrains

  • March 02, 2018 03:19

  Thanks. I believe that is probably the case. The API I am using is the UAPI Function: Email::passwd_pop

  0
• 

  cPanelMichael

  • March 02, 2018 15:57

  Perhaps the problem has to do with the way I update the password via the API. I use a command in my script like this: $URI = "$g_cpanelapiurl/Email/passwd_pop?email=$popuser&domain=$host&password=$poppass"; Perhaps special characters require some type of encoding since they're being used in a URL?

  
  Hello, Yes, it's important to URI-encode the values to avoid issues like the one you described (it may work without encoding in some cases, but it's generally a good practice to a URI encode the values to avoid these types of issues). I confirmed the specific password you provided as an example needs to be URI-encoded during the UAPI password call (not when authenticating). For example, the "x;um2`*TR" password should be written like this: %20x%3Bum2%60*TR
  Thank you.

  0
• 

  swbrains

  • March 02, 2018 15:59

  Thanks!

  0

Please sign in to leave a comment.