Backslashes in passwords break user login?

This topic has 2 replies, 2 voices, and was last updated 13 hours, 26 minutes ago by Codog.

Viewing 3 posts - 1 through 3 (of 3 total)

Author

Posts
June 9, 2025 at 9:59 PM #48409

Codog
Participant

Hi Peter,
I have recently been revisiting and testing the "Login" form feature of the MB User Profile. When testing the password field I have noticed that if a user has previously registered with a password containing a backslash the login will reject a user's password and falsely state that it is incorrect? All other special characters within passwords are fine.

I assume this is likely a character encoding or escaping issue in MB when the password is first saved?

Can you confirm that you see this issue at your end?

Thanks 🙂

Add New Note to this Reply

June 10, 2025 at 9:15 PM #48422

Peter
Moderator

Hello Leo,

Thank you for your feedback.

It is the issue of the registration form to allows the backslash in the password. WordPress itself doesn't allow it in the password when you add a new user.

I've escalated the issue to the development team to fix it as soon as possible.

Add New Note to this Reply

June 10, 2025 at 10:29 PM #48424

Codog
Participant

Hi Peter,
apologies you are correct.... the registration form. Although there is only a slim chance that a backslash will make it into a user password it's definitely good to prevent the potential error. Thanks for escalating!

Add New Note to this Reply
Author

Posts

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.