Webmail password strength bug
Hello,
While trying to access webmail (cPanel -> Mail accounts -> webmail) for a specific account, I get the following:
Your password does not meet the strength requirements, you must change it now to avoid having your account compromised.
Since I have multiple clients using IMAP, I'd rather not reset the password, break them, and then get blocked for failed logins. So I decided to try entering the old password as the new password. Of course, it won't let me and asks for a new password.
However, when entering the old password as the new one, the strength is "Strong" with 87/100.
So why is it forcing me to change the password because of strength requirements all the while claiming it's strong enough?
cPanel version: 70.0 (build 48)
Any help appreciated.
Since I can't edit this post (claims it's spam): I reset the password through WHMCS, and it worked. I still get the same prompt in webmail though.
Hi @Lethe, can you tell me what you have set for Password Strength at WHM >> Security Center >> Password Strength Configuration? A screenshot of the UI would be helpful. Thanks!
Hi Lauren, attached is the screenshot. Thanks!
Hi @Lethe, thank you for that. I'm trying to understand why you would get that notification on an existing account (so I can attempt to replicate the issue), so please bear with me. Which, if any, security policy items do you have enabled at WHM >> Security Center >> Configure Security Policies? Thanks!
Here you go!
Hi @Lethe, thank you again. I'm trying to replicate the password strength discrepancy but finding I'm unable to. I've set the password strength to default (65) and I've enabled the password strength security policy. I then went to log in to one of my accounts which has a password weaker than 65 and it re-routed me to the interface to change my password. The only thing is, I couldn't get it to fail or not allow a password which met the strength requirements.