
Password strength is never good enough for WHM

Discussion in 'Security' started by NestMan, Jun 27, 2016.

  1. NestMan

    NestMan Active Member

    I keep changing it higher to appease WHM, but then the cPanel Security Advisor keeps complaining that it's not high enough. Now it's asking for a password that has a strength of 65. Where does it end?

    Thank you.
     
  2. twhiting9275

    twhiting9275 Well-Known Member

    Use the password generator. I'm willing to bet that'll get you a successful password.
     
  3. keat63

    keat63 Well-Known Member

    Put your car registration number on the end. Easy to remember, hard to hack.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    Security Advisor utilizes different types of alerts, depending on the severity of the issue. This includes warnings, possible issues, and informational alerts. You encountered multiple alert types in this instance based on the minimum password strength values you configured. You can find more information on the different types of alerts on the Security Advisor document.

    Here's the relevant code from the Security Advisor GitHub for anyone interested in how the password strength check functions on the backend:

    Code:
    sub _check_for_low_pwstrength {
        my ($self) = @_;

        my $security_advisor_obj = $self->{'security_advisor_obj'};

        if ( !$security_advisor_obj->{'cpconf'}->{'minpwstrength'} || $security_advisor_obj->{'cpconf'}->{'minpwstrength'} < 25 ) {
            $security_advisor_obj->add_advice(
                {
                    'type'       => $Cpanel::Security::Advisor::ADVISE_BAD,
                    'text'       => ['Trivially weak passwords are permitted.'],
                    'suggestion' => [
                        'Configure Password Strength requirements in the “[output,url,_1,Password Strength Configuration,_2,_3]” area',
                        $self->base_path('scripts/minpwstrength'),
                        'target',
                        '_blank'
                    ],
                }
            );
        }
        elsif ( $security_advisor_obj->{'cpconf'}->{'minpwstrength'} < 50 ) {
            $security_advisor_obj->add_advice(
                {
                    'type'       => $Cpanel::Security::Advisor::ADVISE_WARN,
                    'text'       => ['Password strength requirements are low.'],
                    'suggestion' => [
                        'Configure a Default Password Strength of at least 50 in the “[output,url,_1,Password Strength Configuration,_2,_3]” area',
                        $self->base_path('scripts/minpwstrength'),
                        'target',
                        '_blank'
                    ],
                }
            );
        }
        elsif ( $security_advisor_obj->{'cpconf'}->{'minpwstrength'} < 65 ) {
            $security_advisor_obj->add_advice(
                {
                    'type'       => $Cpanel::Security::Advisor::ADVISE_INFO,
                    'text'       => ['Password strength requirements are moderate.'],
                    'suggestion' => [
                        'Configure a Default Password Strength of at least 65 in the “[output,url,_1,Password Strength Configuration,_2,_3]” area',
                        $self->base_path('scripts/minpwstrength'),
                        'target',
                        '_blank'
                    ],
                }
            );
        }
        else {
            $security_advisor_obj->add_advice(
                {
                    'type' => $Cpanel::Security::Advisor::ADVISE_GOOD,
                    'text' => ['Password strength requirements are strong.'],
                }
            );
        }

        return 1;
    }

    1;
    

    Thanks!
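
Added example, not part of the thread or of cPanel's code: a shell function that applies the same 25 / 50 / 65 thresholds from the quoted check to a config file, showing why each increase below 65 still produces an alert and that 65 is where it ends. It assumes the setting is stored as a `minpwstrength=<n>` line in a key=value file (on a cPanel server, typically /var/cpanel/cpanel.config); `advisor_tier`, `demo` and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: map a minpwstrength setting to the Security Advisor tier.
# Thresholds come from the _check_for_low_pwstrength code quoted in the thread.

advisor_tier() {
    conf=$1
    # Assumption: if the key is repeated, the last line wins.
    value=$(sed -n 's/^minpwstrength=//p' "$conf" 2>/dev/null | tail -n 1)
    # Missing, empty or non-numeric values behave like 0 in the Perl check,
    # so they fall into the first branch (ADVISE_BAD).
    case $value in
        ''|*[!0-9]*) value=0 ;;
    esac
    if   [ "$value" -lt 25 ]; then echo "BAD"    # trivially weak passwords permitted
    elif [ "$value" -lt 50 ]; then echo "WARN"   # requirements are low
    elif [ "$value" -lt 65 ]; then echo "INFO"   # requirements are moderate
    else                           echo "GOOD"   # no further alert above this
    fi
}

# Constructed sample input: raise the setting step by step, as in the thread.
demo() {
    tmp=$(mktemp)
    for v in "" 20 25 50 64 65; do
        printf 'example_other_key=1\nminpwstrength=%s\n' "$v" > "$tmp"
        printf '%-5s -> %s\n' "${v:-unset}" "$(advisor_tier "$tmp")"
    done
    rm -f "$tmp"
}

demo
```

On a live server, call `advisor_tier /var/cpanel/cpanel.config` instead of `demo`.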
     