I found that org.jboss.as.domain.management.security.password.simple.SimplePasswordStrengthChecker is used to check the password when adding a user using add-user.sh.
I also found /org/jboss/as/domain/management/security/password/utility.properties which tell:
minimal strength of password for normal users. Possible values: VERY_WEAK, WEAK, MODERATE, MEDIUM, STRONG, VERY_STRONG, EXCEPTIONAL
# If not present, it defaults to "MODERATE"
Is it possible to change the password strenght, without patching this properties file in jboss-domain-management.jar?
Retrieving data ...