NTLM password change fails when password contains an ampersand (&)

This article was previously published under Q238631
SYMPTOMS
When you attempt to change an expired Microsoft Windows NT password in Microsoft Internet Information Server (IIS) 4.0, and you use an ampersand (&) in the new password, the password does not change, even though you receive the following message after completing the password change form:
The operation completed successfully
"Password changed successfully" is returned when a password change is successful. The ampersand is a valid password character in Windows NT.
CAUSE
The parsing code in Ism.dll assumes the following sequence:
VARIABLE=VALUE&
When you use an ampersand (&) in the password, a sequence of one or more ampersands is created before an equal sign (=). For example, old password=password&will work correctly, butnew password=m&m&will not.
RESOLUTION

Windows NT Server or Workstation 4.0

To resolve this problem, obtain the latest service pack for Windows NT 4.0. For more information about how to obtain the latest service pack for Windows NT 4.0, click the following article number to view the article in the Microsoft Knowledge Base:
152734 How to obtain the latest Windows NT 4.0 service pack
For information about how to obtain the individual software update, contact Microsoft Product Support Services. For a complete list of Microsoft Product Support Services telephone numbers and information about support costs, visit the following Microsoft Web site:Note In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The usual support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

Note The IIS 4.0 Windows NT Workstation and Windows 95/98 fixes will have different file properties.

Windows NT Server 4.0, Terminal Server Edition

To resolve this problem, obtain the latest service pack for Windows NT Server 4.0, Terminal Server Edition. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
152734 How to obtain the latest Windows NT 4.0 service pack
STATUS
Microsoft has confirmed that this is a problem in Internet Information Server 4.0, in Windows NT 4.0, and in Windows NT Server 4.0, Terminal Server Edition. This problem was first corrected in Windows NT Server 4.0 Service Pack 6 and Windows NT Server 4.0, Terminal Server Edition Service Pack 6.
MORE INFORMATION
You may experience another symptom for this problem. The Inetinfo process may spin at 100 percent CPU utilization.
percent peg max
Properties

Article ID: 238631 - Last Review: 10/13/2006 16:56:51 - Revision: 4.2

Microsoft Windows NT Server 4.0, Terminal Server Edition, Microsoft Internet Information Server 4.0

  • kbhotfixserver kbbug kbfix kbqfe KB238631
Feedback