• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Issue [BUG] Plesk Password not strong enough?

safemoon

Basic Pleskian
Hello,

I am using the Plesk REST API V2 to create accounts, domains, databases etc. but im having issues with the password policy, I also see many other people have the same issues.

I am getting the following error
{ "code": 500, "message": "Your password is not complex enough. According to the server policy, the minimal password strength is Weak (not recommended, such a password could be brute-forced within 5 minutes). Strong passwords must contain at least all of the following: eight characters; one upper- or lowercase character; three numbers and one special character (!, @, #, $, %, ^, &, *, ?, _, ~) or one number and two special characters." }

The password im generating is:
10 lowercase/uppercase characters + 3 digits + 2 symbols + 2 uppercase characters

In total the password is 17 characters long.

Can you show me a few legit passwords that pass through the security policy so i can alter my password generation function?
 
the issue was the symbol "&"
Somehow, no matter how long and how strong the password i generate is if it contains one instance of the symbol "&" it will automatically mark it as "weak"

removing the symbol solved my issue when creating plesk accounts through the API.

However, the error message says that the "&" symbol is included in the allowed list of symbols for the password.
@IgorG kindly let the security team know about this issue, and change the error message as well to avoid confusion.
 
Back
Top