Created attachment 2104079 [details] webui.log Installer WebUI Critical Error: Password is too weak StackTrace: a1/</<@http://127.0.0.1/cockpit/@localhost/anaconda-webui/index.js:25:232010 dZ@http://127.0.0.1/cockpit/@localhost/anaconda-webui/index.js:8:77588 tu/<@http://127.0.0.1/cockpit/@localhost/anaconda-webui/index.js:8:77787 sZ@http://127.0.0.1/cockpit/@localhost/anaconda-webui/index.js:8:76621 When trying to encrypt my disk during Fedora installation and using the entire disk, the installer constantly crashes when i'm typing a password. I don't have time to finish writing more than a few characters, and it says my password is too weak.
Can you reproduce also with the Rawhide ISO?
Upstream fix: https://github.com/cockpit-project/cockpit/pull/22494
*** Bug 2369807 has been marked as a duplicate of this bug. ***
*** Bug 2395984 has been marked as a duplicate of this bug. ***
Proposed as a Freeze Exception for 43-final by Fedora user kkoukiou using the blocker tracking app because: Currently the installer crashes if pwscore is 0 for a password used for LUKS. The fix is trivial and safe.
How can I reproduce this issue? Whatever I type into LUKS password field (e.g. 123456), it says Weak, but doesn't crash. Proposing for a blocker discussion as well.
This crashes when `pwscore` returns `0`, honestly I had to change the pwscore default config in order to reproduce it, but it looks like users have managed to get to that with random passwords. Reproducer: Editing pwscore rules to change pwscore output: [anaconda root@ibm-p8-kvm-03-guest-02 ~]# printf 'minlen = 8\nminclass = 0\ndictcheck = 0\n' | tee /etc/security/pwquality.conf.d/99-weak.conf minlen = 8 minclass = 0 dictcheck = 0 Verify that pwscore prints 0. [anaconda root@ibm-p8-kvm-03-guest-02 ~]# printf '12345678' | /usr/bin/pwscore 0 Go to WebUI and try to encrypt the disk with this password '12345678'. This triggers a warning in the UI. If the passscore returns anything else other than 0 then the UI does not have an issue. Examples: [anaconda root@ibm-p8-kvm-03-guest-02 ~]# printf 'redhat123' | /usr/bin/pwscore Password quality check failed: The password fails the dictionary check - it is based on a dictionary word [anaconda root@ibm-p8-kvm-03-guest-02 ~]# printf 'redhat!$!' | /usr/bin/pwscore 31
(In reply to Katerina Koukiou from comment #2) > Upstream fix: https://github.com/cockpit-project/cockpit/pull/22494 And this includes the Cockpit fix to WebUI: https://github.com/rhinstaller/anaconda-webui/pull/1036
+3 in https://pagure.io/fedora-qa/blocker-review/issue/1969 , marking accepted FE.
I cannot reproduce this on a 20251010 nightly of Fedora Workstation. Not only webUI does not crash for me with simplistic passwords like 123456, but I also checked the pwquality.conf and no specific settings are there, everything is commented out with minlen=8 which suggests that passwords should be at least 8 letters, however WebUI accepts a 6-digit password for disk encryption. How is this possible?
WebUI reads the password lengh rule from its password policies. It's the ones that are set in the anaconda.conf [1]- password_policies. [1] https://github.com/rhinstaller/anaconda/blob/07464eaa88589967f7c055312b0133dd7d9b1398/data/anaconda.conf#L311
AGREED RejectedFinalBlocker Discussed at the 2025-10-13 (blocker / freeze exception) review meeting: This is a race condition that doesn't seem to appear too frequently and couldn't be reproduced intentionally. Re-evaluate if the fix is insufficient and the crash frequency increases or if the trigger method is identified. https://meetbot-raw.fedoraproject.org//blocker-review_matrix_fedoraproject-org/2025-10-13/f43-blocker-review.2025-10-13-16.00.txt
FEDORA-2025-ace7e79b36 (anaconda-43.44-3.fc43 and anaconda-webui-53^20251014git7ea927a-1.fc43) has been submitted as an update to Fedora 43. https://bodhi.fedoraproject.org/updates/FEDORA-2025-ace7e79b36
The above update still fails with "Password is too weak" when I try to use a non-latin layout (Russian) to type into the root password. I consider this a problem because webUI does not prevent users from doing so in any way.
Lukas, by "fail" do you mean crash or print an error (and stay functional)?
(In reply to Kamil Páral from comment #15) > Lukas, by "fail" do you mean crash or print an error (and stay functional)? By "fail" I mean that Anaconda reports a crash which I could report to Bugzilla. For me, this is not functional.
Hum, I can't reproduce. I booted the KDE image built by openQA with this change in it, picked Russian (Belarus) as the keyboard layout, went to the Create Account spoke, and tried various root passwords. Couldn't produce either an error about the password being non-ASCII or a crash. What *exactly* did you use as the root password to make it crash?
FEDORA-2025-ace7e79b36 has been pushed to the Fedora 43 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-ace7e79b36` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-ace7e79b36 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
(In reply to Adam Williamson from comment #17) > Hum, I can't reproduce. I booted the KDE image built by openQA with this > change in it, picked Russian (Belarus) as the keyboard layout, went to the > Create Account spoke, and tried various root passwords. Couldn't produce > either an error about the password being non-ASCII or a crash. > > What *exactly* did you use as the root password to make it crash? I was typing "fedora" on my keyboard and it produced the Russian equivalent of that word. I was using the phonetical keyboard layout.
FEDORA-2025-ace7e79b36 (anaconda-43.44-3.fc43 and anaconda-webui-53^20251014git7ea927a-1.fc43) has been pushed to the Fedora 43 stable repository. If problem still persists, please make note of it in this bug report.
@lruzicka Can you still trigger this issue even with F43 RC 1.4? Thanks!
F43 is out, dropping metadata.
this bug still exists in F43 KDE release iso. Entering a "weak" root password crashes the entire installer.
Created attachment 2111670 [details] screenshot
Created attachment 2111671 [details] anconda-webui.log
Can you say specifically what password you used to trigger this? I've never managed to trigger it yet, even in known-'broken' images, because I can't find anything that evaluates to 0 strength.
`pwvonroot` default partitioning scheme using entire disk +FDE locale=DE iso image: Fedora-KDE-Desktop-Live-43-1.6.x86_64.iso host: VirtualBox VM
This can be easily reproduced and happens every time. When Anaconda crashed for me, it created a duplicate bug 2413086. I put there the required anaconda-webui.log and journal.log. The reproducer is: 1. Download Fedora KDE 43. 2. Start installation. 3. Choose German language (Deutsch) and German keyboard layout (Deutsch). 4. When asked, confirm to encrypt disk. 5. For password, try using "pwvonroot". Actual Results: Anaconda WebUI will crash immediately with an error "Password too weak".
This bug is now overwhelmed with information of various kind, especially organisational stuff, which is not often usedful so I have provided more info in https://bugzilla.redhat.com/show_bug.cgi?id=2413086.
*** This bug has been marked as a duplicate of bug 2413086 ***