Bug: Samba/FTP users disappear when I change password

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

Aquillyne

Occasional Visitor
I'm experiencing a strange bug in Asuswrt-Merlin 384.17.

I am able to add users to the list of Samba/FTP users, each with their own passwords and access rights.

However, when I change a user's password, if that password has more than a few special characters in it, for some reason, all of the users disappear and that user becomes the "root"/sole user (whose password now can't be changed).

I can't quite isolate the exact conditions under which this happens, beyond that it only occurs when:
  • I have more than 1 Samba/FTP user
  • I change the password of one of the users
  • The new password contains more than a few special characters, I suspect including ] and * in particular
I've also noticed that if I create users with passwords like this, which it doesn't like, while initially it looks like everything works, those passwords will not be accepted when trying to access Samba/FTP as that user.

The result of this is that I've permanently lost "admin" as the primary Samba/FTP user, and I have to be careful about creating weaker passwords for any future users so as not to trigger the bug.
 

RMerlin

Asuswrt-Merlin dev
Stick to alphanumerics and basic symbols. Asuswrt in general is notorious for having issues with more exotic characters, and fixing this is something that Asus will have to do, because last time I tried, it was a neverending chase, and I eventually gave up.
 

Makaveli

Very Senior Member
I use FileZilla Server which is free to run an FTP.

As long as I have the correct ports open in the router I don't run into any issues like this maybe worth a shot if you still have reoccurring problems.
 

Aquillyne

Occasional Visitor
Thanks @RMerlin.

I have managed to get it working consistently after:

1. Testing which special character combinations seem to cause issues and which don't.
2. Factory reset.
3. Create the users again from the start using passwords that were previously tested as not causing this issue.

For my own security I'm not stating here what combinations worked, but I did find ways of including special characters in the passwords.
 

L&LD

Part of the Furniture
How would your security be compromised if you share which special characters worked? :D
 

Aquillyne

Occasional Visitor
How would your security be compromised if you share which special characters worked? :D
I'm being paranoid of course, but cryptographically speaking, I'd be enormously reducing the search space for someone who wanted to crack my password.
 

L&LD

Part of the Furniture
@Aquillyne thanks for replying after so long! :)

As there are only so many characters (special or otherwise) to use for passwords, I'm sure they are already included in hackers' bags of tricks. :p
 

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top