It's even worse than that the BMC is a preconfigured part of the server not something you go to a sign up page for. It's literally the _change password functionality_ that does not warn/error on the password being too long!
I had seen the same thing on a (much older) switch, which is the only reason I thought to try truncating my password. Worked after dropping only one character, I was sort of expecting it to be 16 or maybe even 8.
> However if I log in with just the first 20 characters of the password, it works.
Even worse is when the password change form accepts more characters and processes them correctly, only to have the login form not allow you to enter all characters. If I'm not mistaken, the business remote deposit portal my bank uses does this.
Apparently there is a limit of 20 characters for the password. The password I set was 21 characters (which was accepted without error).
When I tried to log in with this password, the login was rejected.
However if I log in with just the first 20 characters of the password, it works.