Most non-alphanumeric characters flagged as invalid in passwords and elsewhere

  • Since a recent upgrade (I'm on 2.3.2_1 now), in many places in the GUI virtually only a-z, A-Z, 0-9 seem to be allowed.  Previously this was not the case.  Now I can't even use an _ in an alias name for instance.  Or an @ or $ in a password.  While it is possible to use simpler strings, specifically in the instance of passwords, this significantly reduces the security of a password.  Strangely enough, anything already stored in a config somewhere continues to be accepted, it's only new passwords and other entries that are not allowed to have even the simplest special characters.

    I suppose this is a bug, since I cannot believe that this is a design decision or is it?

    An example:
    Setting a L2TP user's password which includes a @, results in this:
    The password contains invalid characters.

    What's going on here?


  • Rebel Alliance Developer Netgate

    In the past, some areas were not properly validated against what the underlying systems could handle in all cases, so we have to tighten input validation here and there to stop invalid configurations from being made.

    The L2TP password field has rejected @ since at least pfSense 2.0. That has not changed. "" is allowed in an alias name just fine, I just made one with "" a few moments ago as a test.

    For other examples you'll have to be much more specific about what pages you are on and what specific inputs are rejected, and the exact error messages received.

  • That's funny involving the input validation because when I was going through the pfSense Setup wizard on the Configure LAN Interface, it said was an Invalid IP Address, I hit OK and continued the wizard and it worked anyway and set the IP, but strange nonetheless.

  • Rebel Alliance Developer Netgate

    You might have had a stray space before/after the address.

  • I don't think I did as I recorded it on video of me setting up my SG-1000. It popped that up when I clicked off the field after I finished typing it. It's no big deal, it set it to, was just interesting.

  • Rebel Alliance Developer Netgate

    OK I was able to replicate that one and it's not behaving properly, I'll open a ticket.


  • Glad to assist in finding bugs, it still sets the LAN IP though, just a little annoyance pop-up. :)