1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice

possible security risk: ftplogin for webuser without valid password

Discussion in 'Plesk for Linux - 8.x and Older' started by rizi, May 10, 2005.

  1. rizi

    rizi Guest

    0
     
    hi,

    can anybody confirm this? ->

    i created a webuser under a normal domain:
    www.testdomain.com/~webusername

    i set the password "letmein" for that webuser.

    now the user is able to login via FTP:
    Code:
     ftp://webusername:letmein@testdomain.com/ 
    thats okay ... but I can set ANY string for password:
    Code:
     ftp://webusername:dropmeoff@testdomain.com/ 
    will work too....

    changing password on the webuser-page in plesk does not take effect.

    software: suse 9, plesk 7.5.2

    thanks
    love
    rico
     
  2. jamesyeeoc

    jamesyeeoc Guest

    0
     
    Webuser FTP login works correctly on my RH9/Plesk 7.5.2, passwords are treated properly.
     
Loading...