How does the Windows agent determine users with weak passwords? (NETIQKB31795)

  • 7731795
  • 02-Feb-2007
  • 08-Sep-2008


How does the Windows agent determine users with weak passwords?

NetIQ Vulnerability Manager Agent for Windows 5.0

VigilEnt Security Agent for Windows 3.1

VigilEnt Security Agent for Windows 3.2

VigilEnt Security Agent for Windows 4.0


The Weak Passwords report uses a dictionary of numbers, characters, and words to identify weak passwords. The report returns a list of users whose passwords were found in this dictionary. You can add weak passwords to the dictionary , to do this follow the instructions below:

  1. Open the dictionary file located at C:\Program Files\PentaSafe\VSANT\pwdencode.dic (default location) in a text editor.
  2. Add the new weak passwords to the end of the word list.
  3. Save the dictionary file.

Do not put the new words between any of the current listings. The agent identifies new words at the end of the list, then creates a hash for the new words. This report incorporates the "Users with Password=Username" report and the "Users Without a Password" report to help identify weak passwords.

For version 5.0 go to c:\Program Files\NetIQ\Vulnerability Manager Agent\bin

Additional Information

Formerly known as NETIQKB31795