• Plesk Uservoice will be deprecated by October. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform Plesk Productboard.
    To continue sharing your ideas and feedback, please visit features.plesk.com

Plesk Injection Vulnerability

M

MichaeC

Guest
We installed the necessary patches on 9.5.4 last night, and this morning STILL saw some logins to accounts.

Need to know the following:

1. How did they get the usernames to begin with?
2. Do they have the passwords now?
3. How are they still doing this?

The log is not showing much that they did when logging in or even if they got in at all using the API (the one in logs under admin)

Need more information about this..
 
MichaeC said:
We installed the necessary patches on 9.5.4 last night, and this morning STILL saw some logins to accounts.

Need to know the following:

1. How did they get the usernames to begin with?
2. Do they have the passwords now?
3. How are they still doing this?

The log is not showing much that they did when logging in or even if they got in at all using the API (the one in logs under admin)

Need more information about this..
Click to expand...

See here: http://forum.parallels.com/showthread.php?p=616004#post616004
 
You must log in or register to reply here.

Similar threads

WhiteTiger
Question Deny login with root
Replies
1
Views
401
Kaspar
K
T
Question I am sooo lost. Trying to login to my Plesk
Replies
7
Views
2K
Kaspar
K
J.Wick
Issue External Email Stopped Working after Upgrading to Plesk Obsidian 18.0.70 Update #2
Replies
1
Views
480
J.Wick
J.Wick
M
Question How To Set Up Plesk Root Login via SSH With External SSH Keys
Replies
2
Views
939
MHC_1
M
D
Issue import backup
Replies
2
Views
970
dicker
D
Back
Top