Skip to main content

Checkup Documentation

Blank passwords (non-admins)

cms-user-blank-password-non-admins

severity-high

Summary

Important Security Note: If your site has custom authorization configured this check may not be applicable.

While having Non-Administrator users with blank passwords may or may not be a serious security issue depending on the roles and permissions of those users, it is an issue that should be reviewed quickly. Proper management of users and passwords is crucial for the integrity of your site and your data.

The easiest way to deal with blank password issues is to enforce a Password Policy. To learn more about forcing a password policy please visit the cms-settingskey-force-password-policy page.


Check Logic

Constant Care for Kentico will ensure the number of non-admin users with blank passwords is no more than 0 (default)

You can manage your settings for this checkup in the Constant Care for Kentico admin settings.


Verifying The Check

To manage individual users you can navigate to the Users Application.

From there you can edit individual users and set and/or reset their passwords. We recommend that there be no non-administrative users with blank passwords at any time.

Changes to your site should only be made by an experienced Kentico Xperience developer. If you need assistance in making these changes please reach out to the Toolkit For Kentico team to be connected with a Kentico Xperience partner.