Passwords are not PLAIN anymore in Plesk 11?

HoracioS

Since Plesk v11.09 MU#1, all the passwords are stored in $AES-128-CBC$ cipher format.

Can I change it or go back to PLAIN again?

Thanks,
Horacio
 
Hi,

No, I'm afraid not (according to the documentation). As far as I recall, the upgrade process won't auto-convert the passwords; you have to activate it. New installs, though, will always have encrypted passwords.

Paul.
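
A way to check which stored values were actually converted after an upgrade, as an added example that is not part of the original thread: it classifies each stored password field by the `$AES-128-CBC$` prefix mentioned above and reports only counts and row ids, never the values. The tab-separated `id<TAB>value` input, the function names and the sample rows are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit how password fields are stored.
# Input is assumed to be "id<TAB>stored value", one row per line.

TAB=$(printf '\t')

# Classify one stored value by its prefix.
classify_field() {
    case "$1" in
        '$AES-128-CBC$'*) echo encrypted ;;  # prefix quoted in the thread
        '$'[0-9]*'$'*)    echo hashed ;;     # crypt(3)-style such as $1$ or $6$ (heuristic, assumption)
        '')               echo empty ;;
        *)                echo plain ;;
    esac
}

# Read rows on stdin; print counts per scheme and the ids still in plain text.
audit_dump() {
    a_enc=0; a_hash=0; a_plain=0; a_empty=0; a_ids=""
    while IFS="$TAB" read -r a_id a_value; do
        [ -z "$a_id" ] && continue
        case "$(classify_field "$a_value")" in
            encrypted) a_enc=$((a_enc + 1)) ;;
            hashed)    a_hash=$((a_hash + 1)) ;;
            empty)     a_empty=$((a_empty + 1)) ;;
            plain)     a_plain=$((a_plain + 1)); a_ids="$a_ids $a_id" ;;
        esac
    done
    echo "encrypted=$a_enc hashed=$a_hash plain=$a_plain empty=$a_empty plain_ids=${a_ids# }"
}

# Constructed sample rows (placeholders, not real data).
sample_rows() {
    printf '1\t$AES-128-CBC$CONSTRUCTED-PLACEHOLDER\n'
    printf '2\tconstructed-plain-value\n'
    printf '3\t$1$constructed$placeholderhash\n'
    printf '4\t\n'
    printf '5\tanother constructed value\n'
}

sample_rows | audit_dump
```

A value that merely happens to start with `$` and a digit is counted as hashed, so the plain-text count is a lower bound.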
 
I think it could be an option in the panel to be encrypted or not.
Depending on your customer service, it would be a pain to permanently change your users' passwords, and you or your customers cannot use tools like PowerToys ...

regards,
Horacio
 
By default the passwords are not encrypted. You have to enter a security key and/or enable it in security settings for the server-wide password encryption to take place.
 
Yes, you are right!!!

Home-->Tools & Settings-->Security Policy

But take care about this....

The enhanced security mode is turned on.

This means the following:
All sensitive data in Panel are reliably protected from unauthorized access.
If you employ third-party software which uses the Panel remote API, note that it may be affected by the mode. Specifically, in the enhanced security mode, Panel prohibits obtaining sensitive data (such as user passwords) through the API.

Note that the enhanced security mode cannot be turned off.
 
In new installations, the enhanced security mode is turned on by default.

Does anybody know how to install a new server with this mode turned off? Not upgrading from 10.x, please...

Regards,
Horacio
 
Thank you IgorG !!!
This parameter in MYSQL was the solution I needed!!!!

Best regards,
Horacio
 
Yes, it is disabled in case of upgrade and enabled in case of fresh installation.
 
And I can enable the encryption by activating the enhanced security mode? I'm still at Plesk 10 but want to know this for later.
 
And I can enable the encryption by activating the enhanced security mode? I'm still at Plesk 10 but want to know this for later.

Yes, you can. Just go to Home>Tools & Settings>Security Policy
 
If you use an external MySQL database, you must also change the password for the admin account, because Plesk gets an Access Denied from MySQL. It seems that Plesk uses the encrypted password to connect to MySQL if enhanced security mode is turned on.

You can do this by logging in to the external MySQL instance as root and changing the password for the admin account with
update mysql.user set password=PASSWORD('YOUR_UNENCRYPTED_PASSWORD') where user='admin';
flush privileges;
 
I have written several scripts to get info like an FTP-password and parts don't work anymore.
With what hash can I decrypt these passwords and what would be the best command in bash to do this?
 
I wrote a little script for Plesk to write passwords in PLAIN text (disable Enhanced Security Mode in Security Policy section anytime). With Enhanced Security Mode disabled, you can still use PowerToys or other tools/scripts to read the passwords.

Best regards,
Horacio D. Stolovitzky

#!/bin/bash
# Toggle the 'secure_passwords' flag (Enhanced Security Mode) in psa.misc.
# Run as root: the Plesk admin DB password is read from /etc/psa/.psa.shadow.

MYSQL_BIN=$(which mysql)

# Run one SQL statement as the Plesk admin user; -N -B print the bare value.
psa_query() {
    "$MYSQL_BIN" -uadmin -p"$(cat /etc/psa/.psa.shadow)" -N -B -e "$1"
}

# Read the current value directly instead of writing it to a file in /tmp.
VALOR_ACTUAL=$(psa_query "select val from psa.misc where param = 'secure_passwords';")

# Message: "The current value of the secure_passwords variable is: ..."
echo "El valor de actual de la la variable secure_passwords es: $VALOR_ACTUAL ";
# Prompt: "Do you want to change it or leave it at this value? (S = yes / N = no)"
echo "Desea Cambiarlo a o dejarlo en este valor ? ( S/N )"
echo " "
echo " "
echo " "
read -r SN

if [ "$SN" == "S" ] || [ "$SN" == "s" ]; then
    if [ "$VALOR_ACTUAL" == "true" ]; then
        # Message: "Updating the value to FALSE"
        echo "Actualizo el valor a FALSO !!!"
        psa_query "update psa.misc SET val = 'false' where param = 'secure_passwords';"
    else
        # Message: "Updating the value to TRUE"
        echo "Actualizo el Valor a VERDADERO !!!"
        psa_query "update psa.misc SET val = 'true' where param = 'secure_passwords';"
    fi
else
    # Message: "You decided to leave the value at ..."
    echo "Usted decidio dejar el valor en $VALOR_ACTUAL"
fi
 
I wrote a little script for Plesk to write passwords in PLAIN text (disable Enhanced Security Mode in Security Policy section anytime). With Enhanced Security Mode disabled, you can still use PowerToys or other tools/scripts to read the passwords.

I will consider changing the security in Plesk, but I would rather decode the password in my scripts.
Or is the hash with which it is encrypted not available to me?

Is its hash unique to my server or is it a Plesk hash?

Security through obscurity was and is a bad thing!
Please be open about it....
 
I think I'm close with this command:

echo <encrypted password> | openssl enc -aes-128-cbc -a -d -salt -pass pass:`cat /etc/psa/private/secret_key`

The problem is that it isn't able to use the content of /etc/psa/private/secret_key
Maybe it needs this program?

/usr/local/psa/admin/sbin/pkey2rsapkey

Come on! help me!
 