Skip to main content

Checkup Documentation

Blank passwords (admins)

severity-critical cms-user-blank-password-admins

Summary

Important Security Note: If your site has custom authorization configured this check may not be applicable.

Having users with Global Administrator privileges that have blank passwords is a serious security issue and must be corrected immediately. Global Administrators have full access to all areas of the administrative interface of your site including user and e-commerce data. 

The easiest way to deal with blank password issues is to enforce a Password Policy. To learn more about forcing a password policy please visit the cms-settingskey-force-password-policy page.


Check Logic

Constant Care for Kentico will ensure the number of admin users with blank passwords is no more than 0 (default)

You can manage your settings for this checkup in the Constant Care for Kentico admin settings.


Resolution

To manage individual users you can navigate to the Users Application.

From there you can edit individual users and set and/or reset their passwords. We highly recommend that there never be an administrative user with a blank password.

Not sure what to do?

If you are ever unsure about making changes to your site, we encourage you to reach out to your Kentico Xperience Gold Partner. If you do not have a partner, then feel free contact the Constant Care For Kentico team to get connected with an expert.