• The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

password tag? ...confused

Well, anyone? Is Plesk storing passwords in plain text? If not, then how can it show a password? :-s
 
Igor, in your link it says "For security reasons, Plesk Panel no longer sends passwords in plain text."

So... Plesk is storing passwords in plain text????!!! What is that about? You must be kidding me I hope...?
Please tell me this isn't true??!
 
In former times, Plesk converted the stored hash passwords, before sending the user the defined password in PLAIN text. This was changed and therefore it says: "For security reasons, Plesk Panel no longer sends passwords in plain text."
 
... "Plesk converted the stored hash passwords" ...

I don't understand. A hashed password can not be converted to plain text :-s

"For security reasons, Plesk Panel no longer sends passwords in plain text."

True, I read that... it says it no longer sends them in plain text... but who says it doesn't store them in plain text? :(
 
Thanks Igor... makes me wonder why it's noted in the Plesk 12 documentation then. Is the documentation not up to date?
 
You used to be able to just cat the passwords out /etc/shadow for the password that you needed. It WAS stored as plain text but it no longer is. Now when you try you get the AES hash and salt. So they are now stored as a hash. For example:

cat /etc/psa/.psa.shadow used to return the plain text password for the psa admin password. Now you get:

$AES-128-CBC3rfxxxxxxxxxxxxxxQ0Q79+SMAX7g==$OzJBeG1ZndoB7NVAtfA2Nw==

Hash has been changed of course to protect the identity of the innocent :)
 
Last edited:
You must log in or register to reply here.

Similar threads

S
Resolved Dovecot Broken After Latest Update
Replies
4
Views
1K
scpcomp
S
K
Resolved How to create a database user with a known password hash
Replies
6
Views
5K
Kaspar
K
M
Question Valid passwords for accessing mailboxes with iOS Mail
Replies
0
Views
1K
Mag Serv
M
WebHostingAce
Input Magento 2 | Plesk | Varnish Setup in a Docker
Replies
1
Views
5K
WebHostingAce
WebHostingAce
carini
Question Is using the same AWS RDS Database for multiple Plesk instances possible?
Replies
2
Views
3K
carini
carini
Back
Top