Error: "Invalid Username/Password or Disabled Account." when logging into Enforce with a password longer than 30 characters

Article ID: 266188

Products

Data Loss Prevention, Data Loss Prevention Enforce

Issue/Introduction

Creating a DLP User with a password longer than 30 characters causes that user to be unable to log in with the intended password.

  1. Create a DLP User.
  2. Enter a password longer than 30 characters.
  3. Save the user.
  4. Attempt to log in with the password entered in step 2.
  5. The login fails with the message "Invalid Username/Password or Disabled Account."

Environment

Release: 15.8 and 16.0

Cause

The following DLP User (ProtectUser) password pages limit the password length to 30 characters:

  • New User / User Edit page:
       Settings > Login Management > DLP Users > New / Edit a user
          /ProtectManager/enforce/admin/users/new
          /ProtectManager/enforce/admin/users/edit
  • User Profile Edit page:
       Home > Edit profile
          /ProtectManager/enforce/profile/edit
  • Password Update/Renewal page:
       Appears after logging in with an expired password
          /ProtectManager/enforce/profile/password/edit

This issue is deceptive because the user may believe they have entered a password longer than 30 characters, when in fact the form accepts only the first 30 characters, and those 30 characters are what the stored password hash is computed from. The login page form, however, accepts passwords up to 128 characters in length. When the user then logs in with the intended password, the hash of the full password does not match the stored hash, so the login attempt fails.

Resolution

DLP 16.0 RU1 will include updated forms to allow passwords up to 128 characters in length to match the maximum length supported for AD Login Users.
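
The mismatch described under Cause can be reproduced with a small model of the two forms. This is an added example, not the product's code: the 30 and 128 character limits come from this article, while the function names, the PBKDF2 stand-in hash and the sample passwords are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Limits taken from the article; everything else is a constructed model.
SET_FORM_MAX = 30     # New/Edit user, profile edit and password renewal pages
LOGIN_FORM_MAX = 128  # login page

def _hash(password: str, salt: bytes) -> bytes:
    # Stand-in KDF (assumption): the article does not name the product's hash.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 1000)

def set_password(typed: str, form_max: int = SET_FORM_MAX) -> tuple[bytes, bytes]:
    """Model a form field that silently keeps only the first form_max characters."""
    salt = os.urandom(16)
    return salt, _hash(typed[:form_max], salt)

def login(typed: str, record: tuple[bytes, bytes],
          form_max: int = LOGIN_FORM_MAX) -> bool:
    """Hash what the login form accepts and compare it with the stored hash."""
    salt, stored = record
    return hmac.compare_digest(_hash(typed[:form_max], salt), stored)

def round_trip_ok(length: int, set_max: int, login_max: int) -> bool:
    """True if a password of this length, set and then retyped unchanged, logs in."""
    pw = "".join(chr(ord("a") + i % 26) for i in range(length))  # constructed sample
    return login(pw, set_password(pw, set_max), login_max)

def first_failing_length(set_max: int = SET_FORM_MAX,
                         login_max: int = LOGIN_FORM_MAX):
    """Smallest password length at which the two limits disagree, else None."""
    for n in range(1, login_max + 1):
        if not round_trip_ok(n, set_max, login_max):
            return n
    return None

if __name__ == "__main__":
    print("limits 30/128, first failing length:", first_failing_length())
    print("limits 128/128, first failing length:", first_failing_length(128, 128))
```

The same round-trip check, run against every page that sets a password, is a useful regression test whenever a field length limit is changed on only one side.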