diff --git a/staff/acct/guess-passwords b/staff/acct/guess-passwords
index 6fd6bbd..b5db5a2 100755
--- a/staff/acct/guess-passwords
+++ b/staff/acct/guess-passwords
@@ -13,12 +13,17 @@ from concurrent.futures import ProcessPoolExecutor
 
 import pexpect
 import requests
+from ldap3.utils.conv import escape_filter_chars
 from ocflib.account.search import SORRIED_SHELL
 from ocflib.account.search import users_by_filter
 
 
 def unsorried_users():
-    return users_by_filter('(&(uid=*)(!(loginShell={})))'.format(SORRIED_SHELL))
+    return users_by_filter(
+        '(&(uid=*)(!(loginShell={})))'.format(
+            escape_filter_chars(SORRIED_SHELL)
+        )
+    )
 
 
 def fast_password_matches(username, password):