How Do I Disable Strong Passwords

Beta Program Issues
1

I setup a new install of FreePBX for our offices and was unaware of the new strong passwords feature. Normally I love strong passwords, however in this install it’s become a problem.

Due to the scripts we use for setting up a users extension it doesn’t allow the ability to enter alpha characters into the password (which FreePBX now requires). I’m working on fixing the scripts, but in the meantime I need to get my extensions up and running.

I’ve un-installed the “Weak Password Detection” module, but when I attempt to set the secret for the extension, it’s still saying I have to include at least to alpha characters.

Figure I’m probably overlooking something simple, but if someone could shed a little light, that would me great.

Thanks in advance!

2

That seemed to do the trick to at least get my extensions up and running.

Thank you so VERY much!

3

Edit the file at: admin/common/script.js.php. Add “return false;” as the first line inside of the weakSecret() block.

Existing secrets aren’t scruitinized.

4

Perhaps we need a control knob to control the enforcement of this?

While it’s certainly simple enough to make the edit prescribed above, I don’t believe it will survive an upgrade to a new freepbx release.

A knob is probably warranted… Looks like the weakSecret() function gets called on 2 occasions in modules/core/functions.inc.php. Those places would be the ideal spots to check for a 0|1 preference value for enforcement…

Just my $0.02… I’ll look into submitting a patch if nobody wants to take it on. Of course, I’ll just need to find the time to do that. :slight_smile:

5

You may need to empty your cache and refresh the page

6

It is not working for me !!!

I also tried this:

function weakSecret()
{
return false;
// var password = document.getElementById(‘devinfo_secret’).value;
// var origional_password = document.getElementById(‘devinfo_secret_origional’).value;
//
// if (password == origional_password)
// {
// return false;
// }
//
// if (password.length <= 5)
// {
// alert(’<?php echo _("The secret must be at minimum six characters in length."); ?>’);
// return true;
// }
//
// if (password.match(/[a-z].[a-z]/i) == null || password.match(/\d\D\d/) == null)
// {
// alert(’<?php echo _("The secret must contain at least two numbers and two letters."); ?>’);
// return true;
// }
// return false;
}

I comment out everything but still asks 6 characters password !!!

7

I’m using Asterisk NOW 3.0 (FreePBX 2.11beta on Asterisk 11) and can’t find this file or folder.

8

These are the files and folders in my /var/www/html/admin folder.

assets
bootstrap.php
CHANGES
config.php
functions.inc.php
helpers
i18n
images
index.php
libraries
module-builtin.xml
modules
page.modules.php
views

9

Thought I’d register and reply to this seeing as I am constantly rebuilding client PBXs and don’t have access to their system - thus requiring the password to stay identical to the old system.

The file you’re looking for is here: /var/www/html/admin/assets/js/pbxlib.js
I renamed the function weakSecret() to weakSecret2() and created my own below it:
weakSecret(){return false;}

CTRL+F5 the page after editing this file and voila! No more annoying alert message :slight_smile:

10

Guys

Its simple go into advanced settings module in FreePBX and disable require strong password option.