FreePBX e-mailed my weak passwords to me

This has to be a bug or a very poorly thought out feature. I added the weak passwords module this afternoon and this evening, my PBX sent me an e-mail telling which extensions had weak passwords. That is a little iffy, but tolerable. THe problem is the server also told me what the weak passwords were. That is not good. THe phone system sent me an email with the extension number and its weak password.

I can see why it might have done it, but I can see your point also. It would be nice to have a option to allow it to e-mail both or NOT.

If it only ever sends e-mail internal and I know about it then I’d be cool with it, but if it e-mails external then I have a issue but the module does not know when it’s building the info if that is the case or not.

Sounds like a good reason to file a bug report with the developer and ask to address it.

John filed a report on this and I commented on the bug. This had me baffled since that module doesn’t email anything. Then I remembered that any security notice in the panel will be emailed just like online updates are emailed.

So please see the bug and comment on my questions there so we can determine how to handle this. It’s #3735 and I think John has valid points which we should decide how to address. The emailing of sensitive info is not what was intended in this mechanism.