Be careful with special characters and BIOS passwords

“So for future reference: Do not set a special symbol as password in your bios. Although it acts like it is correct. It will brick your laptop and this will cost you a new motherboard if you dont find out what the symbol is replaced by.”


OEM/IBV — not just Lenovo — better input validation. Try checking for emojiis too. 😦 Int’l characters are likely to also have issues. A bit more error checking will help users from having to buy new mobos to replace their bricks, big impact!

I recently helped an IPMI vendor with a problem where they would not accept punctuation in passwords, because this misread a security FAQ by David Wheeler, and were afraid punctuation would put them at risk of shell injection attacks.




Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s