possible security risk: ftplogin for webuser without valid password

rizi

Guest
Hi,

Can anybody confirm this? ->

I created a webuser under a normal domain:
www.testdomain.com/~webusername

I set the password "letmein" for that webuser.

Now the user is able to log in via FTP:
Code:
 ftp://webusername:[email protected]/

That's okay ... but I can set ANY string for the password:
Code:
 ftp://webusername:[email protected]/
will work too...

Changing the password on the webuser page in Plesk does not take effect.

Software: SUSE 9, Plesk 7.5.2

thanks
love
rico
 
Webuser FTP login works correctly on my RH9/Plesk 7.5.2, passwords are treated properly.
 