Project

General

Profile

Bug #15812

High ASCII Characters in Password or Password Length

Added by Cody Fleetwood about 3 years ago. Updated over 1 year ago.

Status:
Resolved
Priority:
Nice to have
Assignee:
William Grzybowski
Category:
OS
Target version:
Seen in:
Severity:
New
Reason for Closing:
Reason for Blocked:
Needs QA:
Yes
Needs Doc:
Yes
Needs Merging:
Yes
Needs Automation:
No
Support Suite Ticket:
n/a
Hardware Configuration:
ChangeLog Required:
No

Description

Is there a known password limit where a password would simply be truncated? Also, how are high ascii characters handled in a password? I used KeePass to generate a password. It was accepted, but I am now unable to login with it. Just a heads up. In a situation like this, I'm not sure what is actually getting stored as the password. Is there a list of acceptable password characters?

History

#1 Updated by Joshua Smith about 3 years ago

  • Status changed from Unscreened to 15
  • Assignee changed from Kris Moore to Joshua Smith

Spoke with this user via IRC. He's going to submit the pw used tonight as it's not going to be used anymore.

#2 Avatar?id=14398&size=24x24 Updated by Kris Moore about 3 years ago

  • Assignee changed from Joshua Smith to William Grzybowski

#3 Updated by William Grzybowski about 3 years ago

What password are you talking about?

#4 Updated by Cody Fleetwood about 3 years ago

William Grzybowski wrote:

What password are you talking about?

root password. Should have mentioned that.

#5 Updated by William Grzybowski about 3 years ago

Ok, and where it doesn't work? Just the GUI or from SSH as well (assuming you have root login enabled)?

#6 Updated by Cody Fleetwood about 3 years ago

William Grzybowski wrote:

Ok, and where it doesn't work? Just the GUI or from SSH as well (assuming you have root login enabled)?

I have only attempted a GUI login. It was a clean install and I stopped when this happened as it was late. I can try to SSH when I get home tonight around 5pm.

#7 Updated by Cody Fleetwood about 3 years ago

½îqÔÆ°"|Yï2¡Eä.vhíõ¹Ô³oâFªìR1Öø;ñ§f0â*´°+ÕJ¾ØÉïï~S½hk½±"+¯"HNο'¢¹JÉ6OÃ$دRêé6y1fuÄÿÐC$#ÞÔÖëo²ÜË¡ÌÞg!ÜLMGZp²{G÷jkÑÉ3SóøÙ5ÇqâêÝ_ðU-G}û¤ÈÍü¢ÆÓ(T8¹ÕL>iZ#

That is the password in question. Hope that helps. I'll get started on ssh testing after I can login.

#8 Updated by Cody Fleetwood about 3 years ago

This works:
½îqÔÆ°"|Yï2¡Eä.vhíõ¹Ô³oâFªìR1Öø;ñ§f0â*´°+ÕJ¾ØÉïï~S½hk½±"+¯"HNο'¢¹JÉ6OÃ$دRêé6y1fuÄ

Adding the next character breaks it. However, if I simply add an "a" next, that works.

#9 Updated by William Grzybowski about 3 years ago

Not sure if this is a joke or real issue report.

#10 Updated by Cody Fleetwood about 3 years ago

William Grzybowski wrote:

Not sure if this is a joke or real issue report.

This is indeed a real report. Sorry if it came off otherwise, I was simply trying to be thorough and give any information I could. What makes this seem like a joke?

#11 Updated by William Grzybowski about 3 years ago

Cody Fleetwood wrote:

William Grzybowski wrote:

Not sure if this is a joke or real issue report.

This is indeed a real report. Sorry if it came off otherwise, I was simply trying to be thorough and give any information I could. What makes this seem like a joke?

Using a password of this size and all kind of special characters (which are dependent on the charset).

#12 Updated by Cody Fleetwood about 3 years ago

When using KeePee, passwords like this are common. I fully understand if FreeNAS doesn't support passwords containing high ascii characters, but it would be nice if it denied the password in some way. At least let users know what the password limits are. However, like I mentioned a few comments back, it seems to be a specific character making it fail. If I shorten the password, it works. I can even add to the shortened password with normal characters and it works. Any idea what specifically would allow it to accept a password as valid yet not be able to properly support it?

#13 Updated by William Grzybowski about 3 years ago

  • Assignee changed from William Grzybowski to Anonymous

Kaustubh, is this something you can work on?

Thanks

#14 Updated by Anonymous about 3 years ago

  • Status changed from 15 to Screened

#15 Updated by Anonymous about 3 years ago

  • Assignee changed from Anonymous to Anonymous

#16 Updated by Anonymous about 3 years ago

  • Status changed from Screened to 19

#17 Avatar?id=14398&size=24x24 Updated by Kris Moore almost 3 years ago

  • Status changed from 19 to Screened
  • Assignee changed from Anonymous to William Grzybowski
  • Priority changed from No priority to Nice to have
  • Target version set to 9.10.1-U3

William, can you add a simple filter to fail when a password like this is attempted? For what its worth, other password managers like lastpass give you an option to not use high ascii chars, something I would recommend in this case.

#18 Updated by William Grzybowski almost 3 years ago

Kris Moore wrote:

William, can you add a simple filter to fail when a password like this is attempted? For what its worth, other password managers like lastpass give you an option to not use high ascii chars, something I would recommend in this case.

Why? There is nothing wrong this this kind of passwords. A fix has been committed to this.

#19 Avatar?id=14398&size=24x24 Updated by Kris Moore almost 3 years ago

Ok, so if the underlying issue has been corrected, then can we safely close this out?

#20 Updated by William Grzybowski almost 3 years ago

I need to find the pull request from calsoft and create the fixes branches.

#21 Avatar?id=14398&size=24x24 Updated by Kris Moore almost 3 years ago

  • Target version changed from 9.10.1-U3 to 9.10.2

#22 Updated by William Grzybowski almost 3 years ago

  • Status changed from Screened to Reviewed

#23 Updated by William Grzybowski almost 3 years ago

Merge branches created, FIX-15812 FIX-TN-15812, a16bf65f5aa85327f0f85213fa3f44c60d23f43c

#24 Updated by Vaibhav Chauhan over 2 years ago

  • Status changed from Reviewed to Ready For Release

#25 Updated by Dru Lavigne over 1 year ago

  • Status changed from Ready For Release to Resolved

Also available in: Atom PDF