Problem occurs when adding mail user with hashed password (and I believe ftp user too) through remote client. When password hash includes special character (i.e. backslash) it is escaped twice.

In function _getSQL (tform_base.inc.php) whole inserted record is escaped:

$record = $this->encode($record, $tab, true);

and then for password with _ispconfig_pw_crypted == 1

$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";

so password field is escaped first time in encode and second time in quote functions.