It looks like currently, any password with an & causes commits to fail:
vyos@cr01b-vyos# set system login user vyos authentication plaintext-password "$something&strong%" [edit] vyos@cr01b-vyos# commit Password: [ system login ] /bin/sh: strong%: command not found Traceback (most recent call last): File "/usr/libexec/vyos/conf_mode/system-login.py", line 366, in <module> generate(c) File "/usr/libexec/vyos/conf_mode/system-login.py", line 208, in generate user['password_encrypted'] = get_crypt_pw(user['password_plaintext']) File "/usr/libexec/vyos/conf_mode/system-login.py", line 58, in get_crypt_pw return cmd(f'/usr/bin/mkpasswd --method=sha-512 {password}') File "/usr/lib/python3/dist-packages/vyos/util.py", line 159, in cmd raise OSError(code, feedback) OSError: [Errno 127] failed to run command: /usr/bin/mkpasswd --method=sha-512 &strong% returned: $6$2QpdFyNemTT$B2CSS.4.8/Y1v/RmWmTqbf/XRzMi5CU6G/Q8Eip8uZtnQdKzLTJl.Zyq8sjdAGmg8/3lBZTjk5/QAvj8eYCSF1 exit code: 127 [[system login]] failed Commit failed [edit]
From what I can see, it looks like it's actually interpreting the &.