• Inviting everyone who uses WordPress management tools in Plesk
    The Plesk team is conducting a 60-minute research session that includes an interview and a moderated usability test.
    To participate, please use this link .
    Your experience will help shape product decisions and ensure the tools better support real-world use cases.

possible security risk: ftplogin for webuser without valid password

R

rizi

Guest
hi,

can anybody confirm this? ->

i created a webuser under a normal domain:
www.testdomain.com/~webusername

i set the password "letmein" for that webuser.

now the user is able to login via FTP:
Code: 
 ftp://webusername:[email protected]/

thats okay ... but I can set ANY string for password:
Code: 
 ftp://webusername:[email protected]/
will work too....

changing password on the webuser-page in plesk does not take effect.

software: suse 9, plesk 7.5.2

thanks
love
rico
 
Webuser FTP login works correctly on my RH9/Plesk 7.5.2, passwords are treated properly.
 
You must log in or register to reply here.

Similar threads

S
Forwarded to devs Delete username and password from Backups FTP Remote Storage Settings
Replies
2
Views
2K
seltix
S
E
How to Set up Your WordPress Website Security
Replies
0
Views
3K
Elvis Plesky
E
Edi Duluman
Question How to fix cleartext IMAP / FTP
Replies
3
Views
4K
UFHH01
U
B
Question Optimal nginx performance Wordpress
Replies
1
Views
10K
bkhayes
bkhayes
O
Resolved Ubuntu Server 16.04 stops, without any errors
Replies
2
Views
3K
Oliver_Strixner
O
Back
Top