
password tag? ...confused

Well, anyone? Is Plesk storing passwords in plain text? If not, then how can it show a password? :-s
 
Igor, in your link it says "For security reasons, Plesk Panel no longer sends passwords in plain text."

So... Plesk is storing passwords in plain text????!!! What is that about? You must be kidding me I hope...?
Please tell me this isn't true??!
 
In former times, Plesk converted the stored hash passwords, before sending the user the defined password in PLAIN text. This was changed and therefore it says: "For security reasons, Plesk Panel no longer sends passwords in plain text."
 
... "Plesk converted the stored hash passwords" ...

I don't understand. A hashed password cannot be converted to plain text :-s

"For security reasons, Plesk Panel no longer sends passwords in plain text."

True, I read that... it says it no longer sends them in plain text... but who says it doesn't store them in plain text? :(
 
Thanks Igor... makes me wonder why it's noted in the Plesk 12 documentation then. Is the documentation not up to date?
 
You used to be able to just cat the passwords out of /etc/shadow for the password that you needed. It WAS stored as plain text but it no longer is. Now when you try you get the AES hash and salt. So they are now stored as a hash. For example:

cat /etc/psa/.psa.shadow used to return the plain text password for the psa admin password. Now you get:

$AES-128-CBC3rfxxxxxxxxxxxxxxQ0Q79+SMAX7g==$OzJBeG1ZndoB7NVAtfA2Nw==

Hash has been changed of course to protect the identity of the innocent :)
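
An added example, not part of the thread and not Plesk code: AES-128-CBC names a block cipher and mode, so a value with that prefix is encrypted and can be decrypted by whoever holds the key, while a crypt(3)-style prefix such as `$6$` marks a one-way hash. The sketch below classifies stored credential strings by that prefix for a storage audit; the `$scheme$field$field` layout and every sample value are assumptions constructed for illustration.

```python
import base64
import binascii
import re

# crypt(3)-style identifiers that denote one-way password hashes.
ONE_WAY_IDS = {"1": "md5crypt", "5": "sha256crypt", "6": "sha512crypt",
               "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt", "y": "yescrypt"}
# A cipher-and-mode name marks reversible encryption, not a hash.
CIPHER_RE = re.compile(r"^AES-(128|192|256)-(CBC|ECB)$", re.IGNORECASE)


def _b64_len(field):
    """Return the decoded length of a base64 field, or None if invalid."""
    try:
        return len(base64.b64decode(field, validate=True))
    except (binascii.Error, ValueError):
        return None


def classify(stored):
    """Classify one stored credential (assumed layout: $scheme$field$...)."""
    if not stored.startswith("$"):
        return {"scheme": None, "storage": "plaintext", "recoverable": True}
    scheme, *fields = stored[1:].split("$")
    if CIPHER_RE.match(scheme):
        sizes = [_b64_len(f) for f in fields]
        # An AES IV and CBC/ECB ciphertext are whole 16-byte blocks.
        aligned = bool(sizes) and all(s and s % 16 == 0 for s in sizes)
        return {"scheme": scheme.upper(), "storage": "encrypted",
                "recoverable": True, "block_aligned": aligned}
    if scheme in ONE_WAY_IDS:
        return {"scheme": ONE_WAY_IDS[scheme], "storage": "hashed",
                "recoverable": False}
    return {"scheme": scheme, "storage": "unknown", "recoverable": None}


# Constructed sample values, not real credentials.
SAMPLE_BLOCK = base64.b64encode(bytes(16)).decode()
SAMPLES = {
    "encrypted": f"$AES-128-CBC${SAMPLE_BLOCK}${SAMPLE_BLOCK}",
    "hashed": "$6$examplesalt$" + "a" * 86,
    "plaintext": "hunter2",
}

if __name__ == "__main__":
    for label, value in SAMPLES.items():
        print(label, classify(value))
```

Here "recoverable" means the original password can be obtained from the stored value by a party with access to the storage and, for the encrypted case, the key.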
 