• Introducing WebPros Cloud - a fully managed infrastructure platform purpose-built to simplify the deployment of WebPros products !  WebPros Cloud enables you to easily deliver WebPros solutions — without the complexity of managing the infrastructure.
    Join the pilot program today!
  • Support for BIND DNS has been removed from Plesk for Windows due to security and maintenance risks.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS.

Issue password encryption for mail users and roundcube error log

Jens Johansson

Basic Pleskian
Hi there,

i use CentOS 7.2 with Plesk 12.5 MU#52

I have found the PLAIN TEXT password for mail_users in:
/usr/local/psa/admin/bin/mail_auth_view and in /var/log/plesk-roundcube/errors!

/usr/local/psa/admin/bin/mail_auth_view
Authentication database contents:
+--------------------------------------+-----+--------------------------------------+
| address |flags| password |
+--------------------------------------+-----+--------------------------------------+
| info@naeh | | PASSWORD in PLAIN TEXT |
| info@naeh | | PASSWORD in PLAIN TEXT |


cat /var/log/plesk-roundcube/errors
[04-Nov-2016 21:46:16 +0000]: <975ij0pc> IMAP Error: Login failed for info@naeh-******.de from **.90.**.**(X-Real-IP: **.90.***.***). AUTHENTICATE CRAM-MD5: A0001 NO Login failed. in /usr/share/psa-roundcube/program/lib/Roundcube/rcube_imap.php on line 193 (POST /roundcube/?_task=login&_action=login)
#2 /usr/share/psa-roundcube/index.php(118): rcmail->login('info@naeh-****...', 'PASSWORD in PLAIN TEXT', 'localhost', true)

1) It´s not a migration from other server!
2) How can i force password encryption"Flag E"?
3) Why does logged roundcube passwords in PLAIN TEXT !?

Many thanks in advance


Erik
 
Back
Top