N-able N-centralCase Sensitive Passwords

Last Modified

Tue Sep 01 08:03 GMT 2020

Description

• In some specific circumstances, N-able N-centralmay accept a password which is not in the same case format as an actual users password.

Environment

• N-able N-centralVersion 10+

Solution

• N-able N-centralinverts passwords during authentication meaning that certain passwords will be accepted despite being in the incorrect case format. For example:
  • N-able N-centralwill accept both "Password1" and "pASSWORD1"
• It will not accept "PaSSwOrD1" as this is not the exact inversion of the original password.

• This is by design and was implemented in N-able N-centralVersion 10.0