Constant Plesk Administrator password?

[knocx]

Weird...interesting and i dont want to believe this....but

we had 2 windows psa servers (7.5.6 & patched) compromised constantly , thus we had abandoned the servers and 1500 domains, discontiniued plesk, this costed us over 30.000USD

I had a post about some vulnerabilities here

https://forum.plesk.com/showthread.php?s=&threadid=31670


But this thing is different , today another hacked company called us , they had 1 win PSA windows server with same settings and they are also compromised several times. he said that the hackers contacted him and told where the breach is.


he says : The hackers caimed that The "Plesk Administrative Account" which is a member of Administrators group has a default password by installation thats how they get in so easiliy,

the company isnt sure if they are talking about Plesk Administrative account or psaadm account.

The question is : Does this Plesk Administrative account or psaadm has a constant password???

I will try to dump the sam database and analyse this, please anyone tries this test, post what you found it here

 

[lboss]

> Does this Plesk Administrative account or psaadm has a constant password???

No. These passwords generate by random algorithm.
Can you contact SWsoft support team for give more information about problem?

 

[lboss]

But, may be you used the cloning for creating new server. In this case passwords can be coincided. For setting new password you can use the following command:
papswd --set --password='new password'