1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

possible security risk: ftplogin for webuser without valid password

Discussion in 'Plesk for Linux - 8.x and Older' started by rizi, May 10, 2005.

  1. rizi

    rizi Guest

    0
     
    hi,

    can anybody confirm this? ->

    i created a webuser under a normal domain:
    www.testdomain.com/~webusername

    i set the password "letmein" for that webuser.

    now the user is able to login via FTP:
    Code:
     ftp://webusername:letmein@testdomain.com/ 
    thats okay ... but I can set ANY string for password:
    Code:
     ftp://webusername:dropmeoff@testdomain.com/ 
    will work too....

    changing password on the webuser-page in plesk does not take effect.

    software: suse 9, plesk 7.5.2

    thanks
    love
    rico
     
  2. jamesyeeoc

    jamesyeeoc Guest

    0
     
    Webuser FTP login works correctly on my RH9/Plesk 7.5.2, passwords are treated properly.
     
Loading...