Password strength is never good enough for WHM

NestMan

Active Member
May 10, 2016
Utah
cPanel Access Level
Root Administrator
I keep changing it higher to appease WHM, but then the cPanel Security Advisor keeps complaining that it's not high enough. Now it's asking for a password that has a strength of 65. Where does it end?

Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
Hello,

Security Advisor utilizes different types of alerts, depending on the severity of the issue. This includes warnings, possible issues, and informational alerts. You encountered multiple alert types in this instance based on the minimum password strength values you configured. You can find more information on the different types of alerts on the Security Advisor document.

Here's the relevant code from the Security Advisor GitHub for anyone interested in how the password strength check functions on the backend:

Code:
sub _check_for_low_pwstrength {
    my ($self) = @_;

    my $security_advisor_obj = $self->{'security_advisor_obj'};

    # Unset, zero, or below 25: reported as a bad configuration.
    if ( !$security_advisor_obj->{'cpconf'}->{'minpwstrength'} || $security_advisor_obj->{'cpconf'}->{'minpwstrength'} < 25 ) {
        $security_advisor_obj->add_advice(
            {
                'type'       => $Cpanel::Security::Advisor::ADVISE_BAD,
                'text'       => ['Trivially weak passwords are permitted.'],
                'suggestion' => [
                    'Configure Password Strength requirements in the “[output,url,_1,Password Strength Configuration,_2,_3]” area',
                    $self->base_path('scripts/minpwstrength'),
                    'target',
                    '_blank'
                ],
            }
        );

    }
    # 25 to 49: warning.
    elsif ( $security_advisor_obj->{'cpconf'}->{'minpwstrength'} < 50 ) {
        $security_advisor_obj->add_advice(
            {
                'type'       => $Cpanel::Security::Advisor::ADVISE_WARN,
                'text'       => ['Password strength requirements are low.'],
                'suggestion' => [
                    'Configure a Default Password Strength of at least 50 in the “[output,url,_1,Password Strength Configuration,_2,_3]” area',
                    $self->base_path('scripts/minpwstrength'),
                    'target',
                    '_blank'
                ],
            }
        );

    }
    # 50 to 64: informational alert.
    elsif ( $security_advisor_obj->{'cpconf'}->{'minpwstrength'} < 65 ) {
        $security_advisor_obj->add_advice(
            {
                'type'       => $Cpanel::Security::Advisor::ADVISE_INFO,
                'text'       => ['Password strength requirements are moderate.'],
                'suggestion' => [
                    'Configure a Default Password Strength of at least 65 in the “[output,url,_1,Password Strength Configuration,_2,_3]” area',
                    $self->base_path('scripts/minpwstrength'),
                    'target',
                    '_blank'
                ],
            }
        );

    }
    # 65 or higher: no further suggestion is made.
    else {
        $security_advisor_obj->add_advice(
            {
                'type' => $Cpanel::Security::Advisor::ADVISE_GOOD,
                'text' => ['Password strength requirements are strong.'],
            }
        );
    }

    return 1;
}

1;

Thanks!
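
An added example, not part of the posts above and not cPanel's own code: a shell check that reads `minpwstrength` from a key=value file and reports which of the four tiers in the posted code it falls into, plus the value needed to leave that tier. The function names, the key=value file layout, and the sample contents (including the `minpwstrength_example` key) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: map a minpwstrength setting to the advice tier chosen by the
# posted _check_for_low_pwstrength code (cut-offs 25 / 50 / 65).

# Print the value of the exact key "minpwstrength" from a key=value file.
# Prints nothing when the key is absent or empty; similarly named keys are ignored.
read_minpwstrength() {
    awk -F= '$1 == "minpwstrength" { v = $2 } END { if (v != "") print v }' "$1"
}

# Tier name for a value. Unset, empty and non-numeric input is treated as
# ADVISE_BAD, matching the "!value || value < 25" branch for unset and zero.
advisor_tier() {
    case $1 in
        ''|*[!0-9]*) echo ADVISE_BAD; return ;;
    esac
    if   [ "$1" -lt 25 ]; then echo ADVISE_BAD
    elif [ "$1" -lt 50 ]; then echo ADVISE_WARN
    elif [ "$1" -lt 65 ]; then echo ADVISE_INFO
    else                       echo ADVISE_GOOD
    fi
}

# Smallest setting that moves the value out of its current tier.
next_target() {
    case $(advisor_tier "$1") in
        ADVISE_BAD)  echo 25 ;;
        ADVISE_WARN) echo 50 ;;
        ADVISE_INFO) echo 65 ;;
        ADVISE_GOOD) echo none ;;
    esac
}

report() {
    v=$(read_minpwstrength "$1")
    echo "minpwstrength=${v:-unset} tier=$(advisor_tier "$v") next=$(next_target "$v")"
}

# Constructed sample input (not taken from a real server).
sample=$(mktemp)
printf '%s\n' 'some_other_setting=1' 'minpwstrength_example=30' 'minpwstrength=50' > "$sample"
report "$sample"
rm -f "$sample"
```

With the sample value of 50 the report shows the informational tier and a next target of 65, after which the posted code makes no further suggestion.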