cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post

FEATURE REQUEST - Case Sensitive Passwords - Local NPM Accounts

FEATURE REQUEST - Case Sensitive Passwords - Local NPM Accounts

Hello,

Please add case sensitive local passwords to Solarwinds NPM. This would apply to any local users created within NPM such as Admin or Guest accounts. Since the local Admin account is an account that should never be disabled, it would be good to be able to provide case sensitive passwords to adhere to company policies and NIST complexity requirements. Currently in version 2019.4, if you enter a case sensitive password on a local NPM account, the case is ignored when entering the password into the web interface. This may help a bad actor within an organization to gain administrative access to the system to make changes that may be unauthorized. As always, strong passwords are required by increasing length. But case sensitive complexity is a good value add for security.

2 Comments

I agree--password implementations that aren't consistent within an organization's infrastructure are frustrating, confusing, and potentially creating vulnerabilities.

Tying everything into Active Directory and using RADIUS or TACACS is a nice solution, but when app & software manufacturers aren't checking character case, it leaves a hole.

It also begs the question "What ELSE are they doing differently from what I expect and need?"

Level 8

@rschroeder 

I agree with your response 100%! Typically we like to put a long password on the default login account in the event there is a major issue and it requires getting into the software implementation to make adjustments such as Active Directory level issues. So you intend to not use too much but nice to ensure the complexity requirements exist or are followed.