How Do I Disable Strong Passwords

I setup a new install of FreePBX for our offices and was unaware of the new strong passwords feature. Normally I love strong passwords, however in this install it’s become a problem.

Due to the scripts we use for setting up a users extension it doesn’t allow the ability to enter alpha characters into the password (which FreePBX now requires). I’m working on fixing the scripts, but in the meantime I need to get my extensions up and running.

I’ve un-installed the “Weak Password Detection” module, but when I attempt to set the secret for the extension, it’s still saying I have to include at least to alpha characters.

Figure I’m probably overlooking something simple, but if someone could shed a little light, that would me great.

Thanks in advance!

That seemed to do the trick to at least get my extensions up and running.

Thank you so VERY much!

Edit the file at: admin/common/script.js.php. Add “return false;” as the first line inside of the weakSecret() block.

Existing secrets aren’t scruitinized.

Perhaps we need a control knob to control the enforcement of this?

While it’s certainly simple enough to make the edit prescribed above, I don’t believe it will survive an upgrade to a new freepbx release.

A knob is probably warranted… Looks like the weakSecret() function gets called on 2 occasions in modules/core/ Those places would be the ideal spots to check for a 0|1 preference value for enforcement…

Just my $0.02… I’ll look into submitting a patch if nobody wants to take it on. Of course, I’ll just need to find the time to do that. :slight_smile:

You may need to empty your cache and refresh the page

It is not working for me !!!

I also tried this:

function weakSecret()
return false;
// var password = document.getElementById(‘devinfo_secret’).value;
// var origional_password = document.getElementById(‘devinfo_secret_origional’).value;
// if (password == origional_password)
// {
// return false;
// }
// if (password.length <= 5)
// {
// alert(’<?php echo _("The secret must be at minimum six characters in length."); ?>’);
// return true;
// }
// if (password.match(/[a-z].[a-z]/i) == null || password.match(/\d\D\d/) == null)
// {
// alert(’<?php echo _("The secret must contain at least two numbers and two letters."); ?>’);
// return true;
// }
// return false;

I comment out everything but still asks 6 characters password !!!

I’m using Asterisk NOW 3.0 (FreePBX 2.11beta on Asterisk 11) and can’t find this file or folder.

These are the files and folders in my /var/www/html/admin folder.


Thought I’d register and reply to this seeing as I am constantly rebuilding client PBXs and don’t have access to their system - thus requiring the password to stay identical to the old system.

The file you’re looking for is here: /var/www/html/admin/assets/js/pbxlib.js
I renamed the function weakSecret() to weakSecret2() and created my own below it:
weakSecret(){return false;}

CTRL+F5 the page after editing this file and voila! No more annoying alert message :slight_smile:


Its simple go into advanced settings module in FreePBX and disable require strong password option.