Jump to content

is there a way to let admin know of insecure passwords?


mattlandis

Recommended Posts

In the latest, we actually changed a few things regarding passwords due to the obvious problems with default passwords.

 

When the PBX takes the default configuration, the default passwords for extensions (also PIN) and domain provisioning are just "*". That means the PBX will generate automatically some random passwords for these extensions (12 alphanumeric or so), so that someone from outside will have a real hard time guessing them. You can still do PnP and the PBX will provision the passwords fine (depending on the MAC trust level and the client certificate that the device presents).

 

The only open door is still the admin password. But somehow you have to log in the first time! If admins don't change that password then I also dont know. I think when you try to save global settings (which also contains the admin password) by default the JavaScript will complain about the empty admin password, so you have the chance to change that as well.

 

We added a warning symbol in the account page that lights up when the account has no password set. But it is not as critical as before, as the PBX does not accept registrations without passwords any more (another change we did a few months ago).

 

The biggest security risk as users that don't like to use good passwords, that remains the core problem.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...