Blank passwords (non-admins)
severity-high
cms-user-blank-password-non-admins
Summary
Important Security Note: If your site has custom authorization configured this check may not be applicable.
While having Non-Administrator users with blank passwords may or may not be a serious security issue depending on the roles and permissions of those users, it is an issue that should be reviewed quickly. Proper management of users and passwords is crucial for the integrity of your site and your data.
The easiest way to deal with blank password issues is to enforce a Password Policy. To learn more about forcing a password policy please visit the cms-settingskey-force-password-policy page.
Check Logic
Constant Care for Kentico will ensure the number of non-admin users with blank passwords is no more than 0 (default)
You can manage your settings for this checkup in the Constant Care for Kentico admin settings.
Resolution
To manage individual users you can navigate to the Users Application.
From there you can edit individual users and set and/or reset their passwords. We recommend that there be no non-administrative users with blank passwords at any time.
Not sure what to do?
If you are ever unsure about making changes to your site, we encourage you to reach out to your
Kentico Xperience Gold Partner. If you do not have a partner,
then feel free
contact the Constant Care For Kentico team to get connected
with an expert.