PCNS 3.0.0 does not accept special characters like ! and - in password

Anonymous user · ‎2021-07-08

I just installed PCNS 3.0.0 under SLES11SP1 today. Following the web-wizard, I entered all the required information including the UPS password. This password contains special characters like ! or -

I then tried to log into PCNS3 locally on the machine, it refused to take the username/password combination an locked me out.

I then reinstalled PCNS 3 with "test" as password to make sure I could log in at all. This worked and I was able to log in. I then tried to change this password from "test" to some simple words containing ! or - and it refused!

Are you seriously limiting passwords to letters and numbers ONLY?
I mean, if an attacker gets access to PCNS, he could easily shutdown the system! Thus, the passwords should be maximally secure...

Thanks for any help on this.

BillP · ‎2021-07-08

This is completely unacceptable behavior from this software. Complex passwords are a requirement these days.

The fact that this software made it out for public consumption shows a complete disregard for your customer's systems security, and a complete disregard for the quality of the products you create.

APC should be ashamed that this made it past QA.

There are TONS of UPS vendors on the market these days. I assure you if this is the quality we can come to expect from APC in the future, there are MANY other vendors that will take our money for power protection.

After using APC products for a decade, I'm extremely disappointed in what appears to be a very amateurish product design.

See Answer In Context

BillP · ‎2021-07-08

Good day endzone,

Sorry about the inconvenience but the PowerChute Network Shutdown (PCNS) password does not allow special characters like ! or @. The only acceptable characters are:

o the alphabet in both lowercase and uppercase (a to z and A to Z),
o numbers from 0 to 9,
o and the underscore (underline) character.

Kindly look into [this document|http://nam-en.apc.com/app/answers/detail/a_id/11382/kw/11382] that addresses the concern you have with the password.

Anonymous user · ‎2021-07-08

First of all, thank you very much for the quick reply! It's great that there is a KB article about the issue.

As far as I remember, 2.2.4 DID allow these characters in passwords, so you are forcing your customers to change their existing passwords (possibly on a large number of UPSes/servers) due to a software problem! To be honest, this is simply unacceptable. I would NOT have installed version 3.0.0 if I had known about this issue before the installation.

So, whatever technical reasons it might have, please consider allowing special characters again in the next release.

BillP · ‎2021-07-08

I completely understand and I'd like to apologize if we currently have no solution available at the moment, but I'm sure that our engineers are working on this and it'll be addressed in a future release. As of the moment we currently have no ETAs for the update so please check the website regularly.

Anonymous user · ‎2021-07-08

Hi... sry... but: big fat lol?

I've got the same Problem... but our company password policy DONT allow such low security passwords.

You're kidding me eh? Do u want to tell our Security Officer pls: "sry, Ur Admins can use secure Passwords with the NEW software, because the older one could, so... !!!!! happens".

I hope there will be an update soon... very soon... im sorry, but... i cant find other words for that than: lol...

BillP · ‎2021-07-08

This is completely unacceptable behavior from this software. Complex passwords are a requirement these days.

The fact that this software made it out for public consumption shows a complete disregard for your customer's systems security, and a complete disregard for the quality of the products you create.

APC should be ashamed that this made it past QA.

There are TONS of UPS vendors on the market these days. I assure you if this is the quality we can come to expect from APC in the future, there are MANY other vendors that will take our money for power protection.

After using APC products for a decade, I'm extremely disappointed in what appears to be a very amateurish product design.