-
Posts
4 -
Joined
m4ck5h4ck's Achievements
Noob (1/14)
0
Reputation
-
[6.7.2] Can't login as root after changing password via Webgui
m4ck5h4ck commented on m4ck5h4ck's report in Stable Releases
Awesome, glad to hear it! -
[6.7.2] Can't login as root after changing password via Webgui
m4ck5h4ck commented on m4ck5h4ck's report in Stable Releases
Thank you for your reply, priority has been changed to minor. The one most concerning to me was that the running list of processes leaked the VPN IP address one of my dockers is connecting to. The other things were a customized Unraid server name (should be switched to tower as part of the anonymization process IMO) as well as a few share names. This is exactly the point of the report. I don't love the answer of "Don't use quotes in your password" nonetheless I agree with jonathanm that some validation that rejects invalid passwords would be nice. -
Steps to reproduce: 1. Go to the webgui > users > root 2. Change the root password to the following (this was a randomly generated password from a password manager and was only used for this purpose, therefore I am comfortable posting it here): !N'z"':^0zywte8yHUi#,@|gmZ"=i9 After performing the above steps, I'm unable to log into the webgui as root or ssh into the box as root using the password listed above. Logging into the console similarly fails. The only way I was able to get back into the webgui was to power down and manually remove the password hash from the shadow file. Below is the password hash I removed from the shadow file: $5$MRoRGFWJT$cyvo9u.sQdRALjCYjx4hz23KeMnkydMyZELhrrlmxb7 I'm assuming it has something to do with the special characters used as mentioned in the below thread: Edit: I initially had my diagnostics folder uploaded, but it was pointed out to me there was some personal information I'm not comfortable posting publicly. I will happily provide the zip to the appropriate staff!