Help Center/ Host Security Service/ FAQs/ Baseline Inspection/ How Do I Handle a Weak Password Alarm?
Updated on 2024-11-15 GMT+08:00

How Do I Handle a Weak Password Alarm?

Servers using weak passwords are exposed to intrusions. If a weak password alarm is reported, you are advised to change the alarmed password immediately.

Causes

  • If simple passwords are used and match those in the weak password library, a weak password alarm will be generated.
  • A password used by multiple member accounts will be regarded as a weak password and trigger an alarm.

Checking and Changing Weak Passwords

  1. Log in to the management console.
  2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > HSS.
  3. Choose Risk Management > Baseline Checks and click the Common Weak Password Detection tab.

    Figure 1 Common weak passwords

  4. Check the server, account name, account type, and usage duration of the weak password. Log in to the server and change the password.

Changing a Weak Password

System

Procedure

Remarks

Windows OS

To change the password in the Windows 10, perform the following steps:

  1. Log in to the Windows OS.
  2. Click in the lower left corner and click .
  3. In the Windows Settings window, click Accounts.
  4. Choose Sign-in options from the navigation tree.
  5. On the Sign-in options tab, click Change under Password.

None

Linux OS

Log in to the Linux server and run the following command:

passwd [<user>]

If you do not specify any username, you are changing the password of the current user.

After the command is executed, enter the new password as prompted.

NOTE:

Replace <user> with the username.

MySQL database

  1. Log in to the MySQL database.
  2. Run the following command to check the database user password:

    SELECT user, host, authentication_string From user;

    This command is probably invalid in certain MySQL versions.

    In this case, run the following command:

    SELECT user, host password From user;

  3. Run the following command to change the password:

    SET PASSWORD FOR'Username'@'Host'=PASSWORD('New_password');

  4. Run the following command to refresh password settings:

    flush privileges;

None

Redis database

  1. Open the Redis database configuration file redis.conf.
  2. Run the following command to change the password:

    requirepass <password>;

  • If there is already a password, the command will change it to the new password.
  • If there has been no password set, the command will set the password.
NOTE:

Replace <password> with the new password.

Tomcat

  1. Open the conf/tomcat-user.xml configuration file in the Tomcat root directory.
  2. Change the value of password under the user node to a strong password.

None