Insecure secrets in core_samba

Hi all
today I got the 2 following messages in notifications.
What they actually mean and how can I fix them?

Insecure secrets in core_samba
The add-on core_samba uses secrets which are detected as not secure, see for more information.

7 minutes ago
Insecure secrets in core_ssh
The add-on core_ssh uses secrets which are detected as not secure, see for more information.

7 minutes ago

This means that the passwords you use for the Samba add-on is weak and on the pwned list.


Sure , but if your SMB ports are closed on your firewall , why is that important ?

1 Like

There’s a heated debate about this issue over on this thread.

How do we turn these notifications off?

1 Like

I would also really like to disable them!

1 Like

By fixing your passwords.

I doubt that is going to happen but you never know.

I am getting this error in NodeRed, and there are no passwords in NodeRed as far as I know.

Insecure secrets in a0d7b954_nodered
The add-on a0d7b954_nodered uses secrets which are detected as not secure

I would also like to disable this notification, or at least have it tell me where to find my password that it hates.

Ok, i tried changing my Samba passwords twice to 15 digit ones using random words and special characters and yet still get the insecure secrets warnings.
What am I doing wrong?

Vote for it to be an optional
Hope for enough votes
Hope devs listen to the community

Here’s the link: Opt~out/in Password check to third party

Meanwhile you can block the api call if you don’t want the notifications. (This also includes no check, if you can live with that). This can be done in a few ways, but a simple one is to have either blocked or resolved locally to

Has there been an official response to the growing number of people who do not like/want/concerned about this issue?

Not what I know of. Discord and GitHub seems silent also.

Anyone figure this out? I’m still getting the notification.

FIX THE PASSWORD… that is the solution!