This is an automated report that originated from trying to reproduce bug 2389356. Installer WebUI Critical Error: Password is too weak StackTrace: Error: Password is too weak at Function.<anonymous> (http://127.0.0.1/cockpit/@localhost/anaconda-webui/index.js:34:169536) at rQ (http://127.0.0.1/cockpit/@localhost/anaconda-webui/index.js:8:78626) at http://127.0.0.1/cockpit/@localhost/anaconda-webui/index.js:8:78823 at eQ (http://127.0.0.1/cockpit/@localhost/anaconda-webui/index.js:8:77659) Bitte hängen Sie Logdatei /tmp/journal.log an das Problem an. ---[ System & Environment Information ]--- OS: Fedora Linux 43 (KDE Plasma Desktop Edition) Anaconda version: 43.44 Anaconda UI version: 53.14.g7ea927aa Reproducible: Always Steps to Reproduce: 1. Download Fedora KDE 43. 2. Start installation. 3. Choose German language (Deutsch) and German keyboard layout (Deutsch). 4. When asked, confirm to encrypt disk. 5. For password, try using "pwvonroot". Actual Results: Anaconda WebUI will crash immediately with an error "Password too weak". Expected Results: Anaconda should not crash. If it does not want to create a weak password, it should gracefully inform users about it and let them recreate the password.
Created attachment 2112948 [details] journal.log
Created attachment 2112949 [details] anaconda_webui.log
Proposed as a Blocker for 44-beta by Fedora user lruzicka using the blocker tracking app because: I propose this as a blocker, because Anaconda crashes with weak passwords to encrypt the disk, which I believe violates https://fedoraproject.org/wiki/Fedora_44_Beta_Release_Criteria#Custom_partitioning
Yesterday, I have spent some time to look closer into this problem with the following findings: 1) The problem can only be reproduced on KDE. You can always trigger the crash using `pwvonroot` and `pwvonroo` passwords, however `bwvonroot`, for example, does not trigger it, nor does it `rootice`. Originally, I thought that the string `root` causes the problem, but it has been confirmed that `root` itself as part of the password cannot trigger the situation. 2) Anaconda not only crashes on the disk encryption pane, but on every password field where the "correct" password is used. 3) The crash happens immediately after the user stops typing the first password. It does not let users to retype the password, nor it lets users to proceed to the Next pane. 4) Anaconda uses the Cockpit backend to provide passwords strength and Cockpit backend uses the `pwscore` program to evaluate the passwords. I have tried manually with pwscore with the following results: * pwvonroot -> 15 * pwvonboot -> 18 * pwvonroo -> 0 * pwvonboo -> 3 * rootice -> Error in the password quality, password shorter than 8 digits * weakpassword -> 62 * rootvonpw -> 15 I am not sure why 'pwvonboot' passes and 'pwvonroot' does not. Also, 'pwvonroo' crashes and 'pwvonboo' does not. 'rootvonpw' does not crash, 'pwroot' does not crash, 'rootpw' does not crash.
Also, the Accounts.jsx file includes a list of reserved words (https://raw.githubusercontent.com/rhinstaller/anaconda-webui/refs/heads/main/src/components/users/Accounts.jsx), but the ones I have tested, such as 'daemon', 'rootsync', etc. do not crash and can be used as passwords.
I have also checked XFCE, LXDE, and LXQt and I can confirm that this is easily reproduced on all of them. It seems it might be the issue on all of spins, but on Fedora Workstation.
I could not reproduce it on KDE Rawhide from 20251110.
Documented as common issue: https://discussion.fedoraproject.org/t/172029
*** Bug 2389356 has been marked as a duplicate of this bug. ***
*** Bug 2406958 has been marked as a duplicate of this bug. ***
*** Bug 2417765 has been marked as a duplicate of this bug. ***
*** Bug 2420040 has been marked as a duplicate of this bug. ***
*** Bug 2411732 has been marked as a duplicate of this bug. ***
*** Bug 2424130 has been marked as a duplicate of this bug. ***
*** Bug 2425389 has been marked as a duplicate of this bug. ***