What limitations for special characters exist on the SSL Visibility software for the GUI password or Enable password?
Release : 126.96.36.199
When local authentication is implemented, administrators have the ability to configure password policy. Symantec recommends the password policy — at a minimum — meets the default password complexity requirements:
- Password length: at least eight characters
- Number of lower case characters: at least one
- Number of upper case characters: at least one
- Number of digit characters: at least one
- Number of special characters: at least one
- Prohibit common words
- Prohibit whitespace characters
Password complexity requirements apply to local user accounts and SNMPv3 User and Trap User passwords. They do not apply to TACACS+ or LDAP user accounts. When remote authentication is used, the password rules are controlled on the remote server, by the LDAP or TACACS+ server. However, Symantec recommends that these passwords conform to similarly stringent policy.
There are some issues with special characters in certain scenarios.
Per our Release notes, under SSL Visibility 4.x Known Issues, the following advisements are made:
SVF-5049 - The WebUI allows configuration of passwords with certain special characters that are not accepted when logging into the SSL Visibility WebUI or CLI local user accounts. The following characters should be avoided in passwords:
- double quote marks (“) at the end of a password
- backslash character following by the letter n (\n)
Note that when remote authentication is enabled, password policy is dictated by the remote authentication server.
SVF-5050 - Avoid using semi-colons in local user passwords. Although semi-colons are allowed when configuring passwords in the Initial Configuration Wizard (ICW) in SSLV 4.2.x, a password containing a semi-colon is not recognized when logging into the SSLV 4.3 WebUI or CLI. If you encounter this problem after upgrading to v4.3.x or higher, you should connect to the serial console, run the ICW, and specify a console user password that doesn’t contain any semi-colons.
SVF-7720 - The following special characters are not accepted when changing the enable password with the authentication enable-password CLI command:
- # \ ; anywhere in the password
- double-quote marks (") at the beginning of the password
Note: SSL Visibility strips out spaces entered at the end of a password, without alerting you to the fact.