What's new

Bug: Samba/FTP users disappear when I change password

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Aquillyne

Occasional Visitor
I'm experiencing a strange bug in Asuswrt-Merlin 384.17.

I am able to add users to the list of Samba/FTP users, each with their own passwords and access rights.

However, when I change a user's password, if that password has more than a few special characters in it, for some reason, all of the users disappear and that user becomes the "root"/sole user (whose password now can't be changed).

I can't quite isolate the exact conditions under which this happens, beyond that it only occurs when:
  • I have more than 1 Samba/FTP user
  • I change the password of one of the users
  • The new password contains more than a few special characters, I suspect including ] and * in particular
I've also noticed that if I create users with passwords like this, which it doesn't like, while initially it looks like everything works, those passwords will not be accepted when trying to access Samba/FTP as that user.

The result of this is that I've permanently lost "admin" as the primary Samba/FTP user, and I have to be careful about creating weaker passwords for any future users so as not to trigger the bug.
 
Stick to alphanumerics and basic symbols. Asuswrt in general is notorious for having issues with more exotic characters, and fixing this is something that Asus will have to do, because last time I tried, it was a neverending chase, and I eventually gave up.
 
I use FileZilla Server which is free to run an FTP.

As long as I have the correct ports open in the router I don't run into any issues like this maybe worth a shot if you still have reoccurring problems.
 
Thanks @RMerlin.

I have managed to get it working consistently after:

1. Testing which special character combinations seem to cause issues and which don't.
2. Factory reset.
3. Create the users again from the start using passwords that were previously tested as not causing this issue.

For my own security I'm not stating here what combinations worked, but I did find ways of including special characters in the passwords.
 
How would your security be compromised if you share which special characters worked? :D
 
How would your security be compromised if you share which special characters worked? :D

I'm being paranoid of course, but cryptographically speaking, I'd be enormously reducing the search space for someone who wanted to crack my password.
 
@Aquillyne thanks for replying after so long! :)

As there are only so many characters (special or otherwise) to use for passwords, I'm sure they are already included in hackers' bags of tricks. :p
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top