Weak Secrets issue

Hi,

I have a message on the dashboard warning me that some of my newly created extensions have weak passwords that are less than 6 digits long.

I corrected the issue by generating new 10 digits passwords (which all qualify as “strong” on the extension properties).

However, the dashboard keeps displaying the warning message, even though the conditions that generated it aren’t true anymore.

I’ve tried refreshing the page and rebooting the whole server, the warning won’t go away.

How can I fix this?

Thank you.

P.S.: I am running the latest FreePBX Distro (10.13.66), with FreePBX 13 and Asterisk 13.

I believe those kind of warnings have a little “X” you can click in the top right corner to make them disappear…

Good luck and have a nice day!

Nick

“apply config” is when those messages are written/cleared

I assure you, there is no X to dismiss, and the config has been applied, which is why I am confused.

Here is a screenshot of my dashboard:

You’ll notice that it displays a warning for extension 1125, which does not exist anymore.

It seems to me that the warning message somehow refuses to update, but I am at a loss about how I should go to make it right again.

http://issues.freepbx.org
please file a bug report.

$nt = notifications::create($db);
$security_notifications = $nt->list_security();
foreach($security_notifications as $notification)  {
	if($notification['module'] == "weakpasswords")  {
		$nt->delete($notification['module'],$notification['id']);
	}
}

The first thing it does is kill all notifications. So if the extension is not there that should fix it.

are you, or have you been in device and user mode?

I haven’t ever been in Device and User mode.

Also, how would I use that bit of code you provided me?

Thank you.

That code was just showing what the module does. The reason I asked about D&U mode is because it acts on the device. So in extensions the user (what you see) may be gone but the device may not be.

go to http://yourip//admin/config.php?display=devices and see if you see it.

I see the devices listed as fixed, each having a 10 digits password. The devices match the extensions listed above. There are no unassociated devices. Everything seems to be alright on that side.

Well, that was strange. I’ve updated to core 13.0.37, and after clicking the “Show new” button, the messages are gone.
Am I to understand that the dashboard was merely displaying older issues?

If that’s the case, I will close the bug ticket, as it actually is a misunderstanding.