I have just installed and tested the Set Password plugin and it allowed the setting of username
and a spassword of
I can't imagine how any developer could imagine this would be acceptable.
Surely there should be some sort of minimum requirements built into the plugin to prevent such ridiculously weak details to be used.
I used a password tester on this account and it was cracked in under 2 seconds.
This plugin is completely useless in its present form and should be removed from the WPMU inventory as anyone using it is at great risk of their user accounts being compromised.