• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

password tag? ...confused

Well, anyone? Is Plesk storing passwords in plain text? If not, then how can it show a password? :-s
 
Igor, in your link it says "For security reasons, Plesk Panel no longer sends passwords in plain text."

So... Plesk is storing passwords in plain text????!!! What is that about? You must be kidding me I hope...?
Please tell me this isn't true??!
 
In former times, Plesk converted the stored hash passwords, before sending the user the defined password in PLAIN text. This was changed and therefore it says: "For security reasons, Plesk Panel no longer sends passwords in plain text."
 
... "Plesk converted the stored hash passwords" ...

I don't understand. A hashed password can not be converted to plain text :-s

"For security reasons, Plesk Panel no longer sends passwords in plain text."

True, I read that... it says it no longer sends them in plain text... but who says it doesn't store them in plain text? :(
 
Thanks Igor... makes me wonder why it's noted in the Plesk 12 documentation then. Is the documentation not up to date?
 
You used to be able to just cat the passwords out /etc/shadow for the password that you needed. It WAS stored as plain text but it no longer is. Now when you try you get the AES hash and salt. So they are now stored as a hash. For example:

cat /etc/psa/.psa.shadow used to return the plain text password for the psa admin password. Now you get:

$AES-128-CBC3rfxxxxxxxxxxxxxxQ0Q79+SMAX7g==$OzJBeG1ZndoB7NVAtfA2Nw==

Hash has been changed of course to protect the identity of the innocent :)
 
Last edited:
You must log in or register to reply here.

Similar threads

K
Resolved Placeholders for reseller resource overuse notices don't work
Replies
3
Views
1K
Hangover2
Hangover2
M
Issue Outgoing Mail Control is always 0
Replies
1
Views
339
MarketPC
M
S
Resolved Dovecot Broken After Latest Update
Replies
4
Views
2K
scpcomp
S
K
Resolved How to create a database user with a known password hash
Replies
6
Views
6K
Kaspar
K
K
Forwarded to devs Error notification missing for forwarding domain back to itself
Replies
2
Views
617
Sebahat.hadzhi
Sebahat.hadzhi
Back
Top