Help Center/ Host Security Service/ FAQs/ Baseline Inspection/ How Do I Handle a Weak Password Alarm?

Updated on 2024-09-25 GMT+08:00

View PDF

How Do I Handle a Weak Password Alarm?

Servers using weak passwords are exposed to intrusions. If a weak password alarm is reported, you are advised to change the alarmed password immediately.

Causes

If simple passwords are used and match those in the weak password library, a weak password alarm will be generated.
A password used by multiple member accounts will be regarded as a weak password and trigger an alarm.

Checking and Changing Weak Passwords

Log in to the management console.
In the upper left corner of the page, select a region, click , and choose Security & Compliance > HSS.
Choose Risk Management > Baseline Checks and click the Common Weak Password Detection tab.

Figure 1 Common weak passwords
Check the server, account name, account type, and usage duration of the weak password. Log in to the server and change the password.

Changing a Weak Password

System	Procedure	Remarks
Windows OS	To change the password in the Windows 10, perform the following steps: Log in to the Windows OS. Click in the lower left corner and click . In the Windows Settings window, click Accounts. Choose Sign-in options from the navigation tree. On the Sign-in options tab, click Change under Password.	None
Linux OS	Log in to the Linux server and run the following command: passwd [<user>]	If you do not specify any username, you are changing the password of the current user. After the command is executed, enter the new password as prompted. NOTE: Replace <user> with the username.
MySQL database	Log in to the MySQL database. Run the following command to check the database user password: SELECT user, host, authentication_string From user; This command is probably invalid in certain MySQL versions. In this case, run the following command: SELECT user, host password From user; Run the following command to change the password: *SET PASSWORD FOR'Username'@'Host'=PASSWORD('New_password');* Run the following command to refresh password settings: flush privileges;	None
Redis database	Open the Redis database configuration file redis.conf. Run the following command to change the password: *requirepass <password>;*	If there is already a password, the command will change it to the new password. If there has been no password set, the command will set the password. NOTE: Replace <password> with the new password.
Tomcat	Open the conf/tomcat-user.xml configuration file in the Tomcat root directory. Change the value of password under the user node to a strong password.	None

Parent topic: Baseline Inspection

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel