
Check for Weak Passwords

The Weak Password Detection report scans extensions, voicemail, and admin accounts for trivially weak passwords (1234, 0000, matching the extension number, sequential digits, etc.). Run periodically — fraud attempts most often succeed against weak SIP secrets.

Steps

  1. Go to Reports → Weak Password Detection.
  2. Click Scan (button label may vary). The module checks:
    • SIP/PJSIP extension secrets.
    • Voicemail PINs.
    • Manager Users (AMI) secrets.
    • GUI Administrator passwords (if it has access).
  3. Results list each weak credential by extension/user.
  4. For each result, follow the link to the affected extension/user and reset the password to a strong value.

Strong Credential Guidelines

  • SIP secrets: auto-generate via the extension form (the Secret field has a regenerate button). 16+ chars, mixed case, numbers.
  • Voicemail PINs: 6+ random digits. Avoid 1234, 0000, the extension number, or birth years.
  • Manager Users (AMI): 16+ random chars. Use a password manager — these aren't typed by humans.
  • GUI Admin: 12+ chars, passphrase or password manager.
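The following is an added example, not code from the Weak Password Detection module or from the FreePBX project. It shows the kind of pattern rules the report applies (common values, secrets equal to the extension number, repeated or sequential digits, PINs that look like birth years, length and character-class minimums taken from the guidelines above) run over a small set of constructed credentials, and it generates replacement secrets that satisfy the same rules. The record shape, the blocklist contents and the birth-year heuristic are assumptions for illustration; the module's own rule set is not published on this page.

```python
import re
import secrets
import string

# Constructed sample records (not real accounts). The field layout is an
# assumption: the real module reads extensions, voicemail boxes and AMI users
# from the PBX database.
SAMPLE_CREDENTIALS = [
    {"kind": "sip", "id": "1001", "secret": "1001"},        # equals the extension
    {"kind": "sip", "id": "1002", "secret": "12345678"},    # sequential digits
    {"kind": "voicemail", "id": "1003", "pin": "0000"},     # one repeated digit
    {"kind": "voicemail", "id": "1004", "pin": "1979"},     # looks like a birth year
    {"kind": "ami", "id": "admin", "secret": "amp111"},     # short, on the blocklist
    {"kind": "sip", "id": "1005", "secret": "Xk7#pQ2m!vR9wLz4"},  # acceptable
]

# Assumed blocklist of trivially weak values; extend for your environment.
COMMON_WEAK = {"1234", "0000", "1111", "123456", "password", "admin", "amp111", "secret"}

# Minimum lengths from the Strong Credential Guidelines above.
MIN_LENGTH = {"sip": 16, "ami": 16, "gui": 12, "voicemail": 6}


def is_sequential(digits: str) -> bool:
    """True if every step between adjacent digits is +1 or -1 (1234, 9876)."""
    if len(digits) < 3 or not digits.isdigit():
        return False
    diffs = {int(b) - int(a) for a, b in zip(digits, digits[1:])}
    return diffs in ({1}, {-1})


def weak_reasons(value: str, owner_id: str, kind: str) -> list[str]:
    """Return every rule the credential violates; an empty list means it passes."""
    reasons = []
    v = value.lower()
    if v in COMMON_WEAK:
        reasons.append("common weak value")
    if owner_id and v == owner_id.lower():
        reasons.append("matches extension/user id")
    if len(set(v)) == 1:
        reasons.append("single repeated character")
    if is_sequential(v):
        reasons.append("sequential digits")
    if len(value) < MIN_LENGTH[kind]:
        reasons.append(f"shorter than {MIN_LENGTH[kind]} characters")
    if kind == "voicemail":
        # Heuristic for the guideline "avoid birth years": a 4-digit 19xx/20xx PIN.
        if re.fullmatch(r"(19|20)\d\d", v):
            reasons.append("looks like a birth year")
    elif kind == "sip":
        has_classes = (any(c.islower() for c in value)
                       and any(c.isupper() for c in value)
                       and any(c.isdigit() for c in value))
        if not has_classes:
            reasons.append("missing mixed case or digits")
    return reasons


def scan(credentials: list[dict]) -> list[tuple[str, str, list[str]]]:
    """Mirror the report's output: one (kind, id, reasons) row per weak credential."""
    findings = []
    for c in credentials:
        value = c.get("secret", c.get("pin", ""))
        reasons = weak_reasons(value, c["id"], c["kind"])
        if reasons:
            findings.append((c["kind"], c["id"], reasons))
    return findings


def generate_sip_secret(length: int = 20) -> str:
    """Random secret from a CSPRNG, re-drawn until it passes the SIP rules."""
    alphabet = string.ascii_letters + string.digits
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not weak_reasons(candidate, "", "sip"):
            return candidate


def generate_voicemail_pin(length: int = 6) -> str:
    """Random digit PIN, re-drawn until it passes the voicemail rules."""
    while True:
        candidate = "".join(secrets.choice(string.digits) for _ in range(length))
        if not weak_reasons(candidate, "", "voicemail"):
            return candidate


if __name__ == "__main__":
    for kind, ident, reasons in scan(SAMPLE_CREDENTIALS):
        print(f"{kind:<10} {ident:<8} {', '.join(reasons)}")
    print("replacement SIP secret:", generate_sip_secret())
    print("replacement voicemail PIN:", generate_voicemail_pin())
```

Running the script lists the five constructed weak entries with the rule each one trips (extension 1005 passes) and prints fresh replacements. Generating the replacement through the same checker is the point: a secret produced by a CSPRNG can still, rarely, be all digits or miss an uppercase letter, and re-drawing until the rules pass removes that case.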

Set up automated scanning

The module typically runs on a schedule. Confirm the cron is firing:

crontab -l -u asterisk
# or
ls /etc/cron.daily/ /etc/cron.weekly/ | grep -i weak

If you want email reports of new weak findings, configure email in System Admin → Sysadmin → Email Setup.

Common Issues

  • Lots of false positives. The module flags anything matching its weak-pattern rules. Some intentionally short PINs (e.g. 1212 for a kiosk phone) will be flagged. Document exceptions; don't ignore the report wholesale.
  • Module won't scan. Usually a database access problem or the module is disabled. Check Module Admin and, if needed, reinstall it there.
  • Found weak SIP secret — what to do? Reset secret on the extension AND re-provision the device. Old credentials linger on phones until updated.
  • Brute-force attempts in logs. Even with strong passwords, attackers will keep trying. Use the Fail2ban-style intrusion protection under System Admin → Firewall to block repeat offenders.