[Bugreport] LDAP/Local login fails with special character

First of all, thank you so much for the great work on UrBackup — it’s much appreciated and we truly love using it!

[Bugreport]
Product: UrBackup Server
Version: UrBackup 2.5.33
OS: Windows Server 2022
Environment: LDAP enabled
Language: German (lang: "de")


Description:

When LDAP is enabled, login fails for users (both local and LDAP) if their password contains a $ character.


Steps to Reproduce:

  1. Activate LDAP.
  2. Create two local users:
  • Administrator with password Welcome1
  • Failuser with password 123$
  3. Attempt to log in with:
  • Username: Failuser
  • Password: 123$
  4. Observe the response from the login API:

    {
      "api_version": 2,
      "lang": "de",
      "ldap_enabled": true,
      "success": false
    }

  5. Now log in with:
  • Username: Administrator
  • Password: Welcome1
  6. Change the password of Failuser to just 123 (no $).
  7. Try logging in again with:
  • Username: Failuser
  • Password: 123
    → This time, login succeeds.

Expected Behavior:

Users should be able to log in successfully regardless of special characters like $ in their passwords, even when LDAP is enabled.


Actual Behavior:

Login fails when the password contains a $, despite the user and password being valid.


Impact:

This affects both LDAP and local users, preventing logins when certain special characters are present in passwords.


Possible Cause:

It appears that the password is not properly sanitized or escaped before being processed when LDAP is enabled. The $ symbol might be misinterpreted during authentication or LDAP query execution.

Thanks for tracking this down. Should be fixed with
