We have irregular problems with passwords on Cisco SG250/SG350/CBS250 devices – more precisely with password changes. We suspect that it might be perhaps due to special characters in the password. Possibly "only" the web GUI is affected and not the SSH shell.

To reproduce the error:

1. Configure a switch with the configuration from the first attachment. In order to be able to reproduce the error quickly, the password aging is set to 1 day. We used a CBS250-8FP-E-2G with firmware 3.3.0.16 for this demonstration. But as described, the failure is also reproducible with several SG250/SG350/CBS250 devices and older firmware versions.
2. After one day, log in to the web GUI (https://192.168.10.1 on port Gi1):
3. Copy the following string to the Windows clipboard:

   Dd1!"$%&/()=?+*#'~@,^{[]}\`<>|.-;:_

   1. Type in the username: SMHadmin
   2. Paste the clipboard contents into the password field with CTRL+V
   3. Click "Log in"
4. The login is successful and the GUI will immediately redirect you to the "new password" page
   1. Paste the password from the clipboard into the Old Password field.
   2. Type a new password in the New Password and Confirm Password field, e.g.

      Ee1@,^{[]}\`<>|.-;:_NEW!"$%&/()=?+*#'~

5. After clicking the Apply button, you will get the error message "Incorrect old password". However, the old password is certainly correct, since it was pasted via the Windows clipboard - just like before when logging in.

We suspect that there is a bug here, especially since changing the password via the serial console or via SSH works if you enter exactly the same passwords as above. Can anyone reproduce this error? Or what do we wrong?