Password strength is never good enough for WHM

NestMan

Active Member
May 10, 2016
25
0
1
Utah
cPanel Access Level
Root Administrator
I keep changing it higher to appease WHM, but then the cPanel Security Advisor keeps complaining that its not high enough. Now it's asking for a password that has a strength of 65. Where does it end?

Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,227
463
Hello,

Security Advisor utilizes different types of alerts, depending on the severity of the issue. This includes warnings, possible issues, and informational alerts. You encountered multiple alert types in this instance based on the minimum password strength values you configured. You can find more information on the different types of alerts on the Security Advisor document.

Here's the relevant code from the Security Advisor GitHub for anyone interested in how the password strength check functions on the backend:

Code:
sub _check_for_low_pwstrength {

my ($self) = @_;


my $security_advisor_obj = $self->{'security_advisor_obj'};


if ( !$security_advisor_obj->{'cpconf'}->{'minpwstrength'} || $security_advisor_obj->{'cpconf'}->{'minpwstrength'} < 25 ) {

$security_advisor_obj->add_advice(

{

'type' => $Cpanel::Security::Advisor::ADVISE_BAD,

'text' => ['Trivially weak passwords are permitted.'],

'suggestion' => [

'Configure Password Strength requirements in the “[output,url,_1,Password Strength Configuration,_2,_3]” area',

$self->base_path('scripts/minpwstrength'),

'target',

'_blank'

],

}

);


}

elsif ( $security_advisor_obj->{'cpconf'}->{'minpwstrength'} < 50 ) {

$security_advisor_obj->add_advice(

{

'type' => $Cpanel::Security::Advisor::ADVISE_WARN,

'text' => ['Password strength requirements are low.'],

'suggestion' => [

'Configure a Default Password Strength of at least 50 in the “[output,url,_1,Password Strength Configuration,_2,_3]” area',

$self->base_path('scripts/minpwstrength'),

'target',

'_blank'

],

}

);


}

elsif ( $security_advisor_obj->{'cpconf'}->{'minpwstrength'} < 65 ) {

$security_advisor_obj->add_advice(

{

'type' => $Cpanel::Security::Advisor::ADVISE_INFO,

'text' => ['Password strength requirements are moderate.'],

'suggestion' => [

'Configure a Default Password Strength of at least 65 in the “[output,url,_1,Password Strength Configuration,_2,_3]” area',

$self->base_path('scripts/minpwstrength'),

'target',

'_blank'

],

}

);


}

else {

$security_advisor_obj->add_advice(

{

'type' => $Cpanel::Security::Advisor::ADVISE_GOOD,

'text' => ['Password strength requirements are strong.'],

}

);

}


return 1;

}


1;

Thanks!