NAS540: Web login broken with firmware version V5.21(AATB.4) / Passwords with special chars

Haeberle Posts: 1
edited March 2020 in Personal Cloud Storage

just wanted to tell you a glitch that appeared in this firmware, and possibly locks you out of your web admin interface. Affected Firmware:


Appeared Feb/Mar 2020

The web interface login in this firmware started to have problems with passwords that contain other characters than (possibly, not tested) a-z,A-Z,0-9. The problem is also that the web interface does not prevent you from setting a password for an admin, with a character other than the ones above.

In my case, the existing admin had a password containing an exclamation mark '!'. After the update, the web interface login was no longer possible. Samba shares and SSH / Telnet are not affected.

I edited /etc/samba/smbpasswd using SSH, and replaced the admin password hash with the one from /etc/samba/smbpasswd.default (='1234'). After that, the web interface login worked, and I was able to set the admin password to something without '!'. I also tested for '$' - also not possible.

Since the web interface allows to set such passwords, I consider this a (dangerous) bug. Please fix, Zyxel!

Hope that helps everyone with the same problem.




Consumer Product Help Center