Help Center/Host Security Service/FAQs/Baseline Inspection/How Do I Handle a Weak Password Alarm?
Updated on 2025-10-21 GMT+08:00
View PDF

How Do I Handle a Weak Password Alarm?

Servers using weak passwords are exposed to intrusions. If a weak password alarm is reported, you are advised to change the alarmed password immediately.

Causes

  • If simple passwords are used and match those in the weak password library, a weak password alarm will be generated.
  • A password used by multiple member accounts will be regarded as a weak password and trigger an alarm.

Checking and Changing Weak Passwords

  1. Log in to the HSS console.Log in to the management console.
  2. Click in the upper left corner and select a region or project.
  3. Choose Risk Management > Baseline Checks and click the Risk Management tab.
  4. Check the server, account name, account type, and usage duration of the weak password. Log in to the server and change the password.

Changing a Weak Password

System

Procedure

Remarks

Windows OS

To change the password in the Windows 10, perform the following steps:

  1. Log in to the Windows OS.
  2. Click in the lower left corner and click .
  3. In the Windows Settings window, click Accounts.
  4. Choose Sign-in options from the navigation tree.
  5. On the Sign-in options tab, click Change under Password.

None

Linux OS

Log in to the Linux server and run the following command:

passwd [<user>]

Replace <user> with the username. If you do not specify any username, you are changing the password of the current user.

After the command is executed, enter the new password as prompted.

MySQL database

  1. Log in to the MySQL database.
  2. Run the following command to check the database user password:

    SELECT user, host, authentication_string From user;

    This command is probably invalid in certain MySQL versions.

    In this case, run the following command:

    SELECT user, host password From user;

  3. Run the following command to change the password:

    SET PASSWORD FOR'Username'@'Host'=PASSWORD('New_password');

  4. Run the following command to refresh password settings:

    flush privileges;

None

Redis database

  1. Open the Redis database configuration file redis.conf.
  2. Run the following command to change the password:

    requirepass <password>;

Replace <password> with the new password.

  • If there is already a password, the command will change it to the new password.
  • If there has been no password set, the command will set the password.

Tomcat

  1. Open the conf/tomcat-user.xml configuration file in the Tomcat root directory.
  2. Change the value of password under the user node to a strong password.

None

Parent topic:Baseline Inspection