• Plesk Uservoice will be deprecated by October. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform Plesk Productboard.
    To continue sharing your ideas and feedback, please visit features.plesk.com

Issue [BUG] Plesk Password not strong enough?

safemoon

Basic Pleskian
Hello,

I am using the Plesk REST API V2 to create accounts, domains, databases etc. but im having issues with the password policy, I also see many other people have the same issues.

I am getting the following error
{ "code": 500, "message": "Your password is not complex enough. According to the server policy, the minimal password strength is Weak (not recommended, such a password could be brute-forced within 5 minutes). Strong passwords must contain at least all of the following: eight characters; one upper- or lowercase character; three numbers and one special character (!, @, #, $, %, ^, &, *, ?, _, ~) or one number and two special characters." }

The password im generating is:
10 lowercase/uppercase characters + 3 digits + 2 symbols + 2 uppercase characters

In total the password is 17 characters long.

Can you show me a few legit passwords that pass through the security policy so i can alter my password generation function?
 
the issue was the symbol "&"
Somehow, no matter how long and how strong the password i generate is if it contains one instance of the symbol "&" it will automatically mark it as "weak"

removing the symbol solved my issue when creating plesk accounts through the API.

However, the error message says that the "&" symbol is included in the allowed list of symbols for the password.
@IgorG kindly let the security team know about this issue, and change the error message as well to avoid confusion.
 
Back
Top