It looks like currently, any password with an & causes commits to fail:
vyos@cr01b-vyos# set system login user vyos authentication plaintext-password "$something&strong%"
[edit]
vyos@cr01b-vyos# commit
Password: [ system login ]
/bin/sh: strong%: command not found
Traceback (most recent call last):
File "/usr/libexec/vyos/conf_mode/system-login.py", line 366, in <module>
generate(c)
File "/usr/libexec/vyos/conf_mode/system-login.py", line 208, in generate
user['password_encrypted'] = get_crypt_pw(user['password_plaintext'])
File "/usr/libexec/vyos/conf_mode/system-login.py", line 58, in get_crypt_pw
return cmd(f'/usr/bin/mkpasswd --method=sha-512 {password}')
File "/usr/lib/python3/dist-packages/vyos/util.py", line 159, in cmd
raise OSError(code, feedback)
OSError: [Errno 127] failed to run command: /usr/bin/mkpasswd --method=sha-512 &strong%
returned: $6$2QpdFyNemTT$B2CSS.4.8/Y1v/RmWmTqbf/XRzMi5CU6G/Q8Eip8uZtnQdKzLTJl.Zyq8sjdAGmg8/3lBZTjk5/QAvj8eYCSF1
exit code: 127
[[system login]] failed
Commit failed
[edit]From what I can see, it looks like it's actually interpreting the &.