Overview

When a user who has the less than character ( < ) in their password tries to open the web interface, the following error appears:

Server Error in '/MailEssentials' Application

'A potentially dangerous Request.Form value was detected from the client (txtPassword=123<456)'

Note: '123<456' refers to the user-defined password with the less than character ( < ).

Environment

• GFI MailEssentials
• Forms authentication is enabled
•  (txtPassword=Passwordwith<Character)

Root Cause

The ASP.NET feature request validation tries to prevent script attacks. For more information, refer to Request Validation - Preventing Script Attacks.

Resolution

These are the two options in solving this issue:

• Set MailEssentials to use Windows Authentication. This can be done via Switchboard > UI Mode > Security > Authentication.
• Change the user's password. Create a new password that does not contain the less than character ( < ).