macOS FileZilla Server - User password bug

[xSyKoTiKx]

I’m not sure if this is limited to any particular special characters but, when the password for a user has special characters in it (specifically at least an @ symbol), attempting to log into that user account with any client results in “invalid password”. Changing the password to something without the @ resolves the issue. It’s almost like the password string is not being handled as a literal, so it’s treating the @ as an operator.

This is with the latest full/non-beta release of FileZilla Server on macOS Monterey 12.3.1.

[botg]

Has the user's password been configured in FileZilla Server, or has the user been configured to use system credentials?

[xSyKoTiKx]

Has the user's password been configured in FileZilla Server, or has the user been configured to use system credentials?

Local account directly in FileZilla Server.

I just did some more testing and it turns out to be a little more confusing than I originally thought.

If I have the password set to "p@ssw0rd!" it accepts the login but if I change the password to "P@ssw0rd!" (only changing the case of the first letter) it fails. Using this same logic, thinking it must be the case of the first character, if I set to password to "m@trix" the password fails and changing it to "M@trix" still fails. Going back to the one that worked previously and just changing the first letter to "q" (so that the password is now "q@ssw0rd!") fails. There seems to be no rhyme of reason. I can get some passwords to work with either case, some to work with special characters, some only without special characters, some only with all lower case, etc. It's very strange. Like I originally said, though, it's like the password isn't being treated as a literal string, or something.

[botg]

If I have the password set to "p@ssw0rd!" it accepts the login but if I change the password to "P@ssw0rd!" (only changing the case of the first letter) it fails.

How exactly are you changing just the first letter? Note that once applied, the dialog only shows the hash of the previously entered password. To change only one character, enter the entire password as it should be.

[xSyKoTiKx]

If I have the password set to "p@ssw0rd!" it accepts the login but if I change the password to "P@ssw0rd!" (only changing the case of the first letter) it fails.

How exactly are you changing just the first letter? Note that once applied, the dialog only shows the hash of the previously entered password. To change only one character, enter the entire password as it should be.

I’m aware that it’s just a mask once it’s applied/saved.

I change it by erasing the entire field and typing out the password. To make sure nothing is typed wrong, I have also typed it out into a text editor and copy/pasted it into both the server and client.

[botg]

I'm not able to reproduce the issue.

[xSyKoTiKx]

I'm not able to reproduce the issue.

I can make a quick video demoing it if you want, but I don’t know if that’ll help you figure out where the problem is. I’ll post it in about 2 hours when I have time to make it.

[xSyKoTiKx]

I'm not able to reproduce the issue.

I can make a quick video demoing it if you want, but I don’t know if that’ll help you figure out where the problem is. I’ll post it in about 2 hours when I have time to make it.

Here is the demo I made of the bug in action (https://youtu.be/0LXl0IlUQOQ). Keep in mind that these results are different than what I had previously stated in a past comment, where "p@ssw0rd!" worked and "P@ssw0rd!" didn't, which takes us to how random this bug really is. I cannot find any kind of logic behind its behavior.

As you will see, here are the passwords I attempted to use and their result:
"P@ssw0rd!" (worked)
"p@ssw0rd!" (failed)
"Q@ssw0rd!" (failed)
"q@ssw0rd!" (failed)

Since some of the errors refer to TLS, I also tried connecting as "Plain" (insecure) FTP to get TLS out of the picture, but it changed nothing.

[botg]

I was able to reproduce the issue now.

Workaround: Set to "Use system credentials", Apply, Set it back to require a pw, paste/type it in and Apply.

[xSyKoTiKx]

I was able to reproduce the issue now.

Workaround: Set to "Use system credentials", Apply, Set it back to require a pw, paste/type it in and Apply.

Awesome. Glad I wasn’t going crazy after all.

For the workaround, would I need to do those steps each time I wanted to change the password? I’m assuming yes.

[botg]

For the workaround, would I need to do those steps each time I wanted to change the password? I’m assuming yes.

Yes. Alternatively, administrate the server from a machine running a different operating system.

[xSyKoTiKx]

For the workaround, would I need to do those steps each time I wanted to change the password? I’m assuming yes.

Yes. Alternatively, administrate the server from a machine running a different operating system.

Interesting. Thanks. I’ll be looking forward to the fixed release for both of the bugs I reported in 1.4.0.