• The APS Catalog has been deprecated and removed from all Plesk Obsidian versions.
    Applications already installed from the APS Catalog will continue working. However, Plesk will no longer provide support for APS applications.
  • Please be aware: with the Plesk Obsidian 18.0.78 release, the support for the ngx_pagespeed.so module will be deprecated and removed from the sw-nginx package.

possible security risk: ftplogin for webuser without valid password

R

rizi

Guest
hi,

can anybody confirm this? ->

i created a webuser under a normal domain:
www.testdomain.com/~webusername

i set the password "letmein" for that webuser.

now the user is able to login via FTP:
Code: 
 ftp://webusername:[email protected]/

thats okay ... but I can set ANY string for password:
Code: 
 ftp://webusername:[email protected]/
will work too....

changing password on the webuser-page in plesk does not take effect.

software: suse 9, plesk 7.5.2

thanks
love
rico
 
Webuser FTP login works correctly on my RH9/Plesk 7.5.2, passwords are treated properly.
 
You must log in or register to reply here.

Similar threads

S
Forwarded to devs Delete username and password from Backups FTP Remote Storage Settings
Replies
2
Views
2K
seltix
S
E
How to Set up Your WordPress Website Security
Replies
0
Views
3K
Elvis Plesky
E
Edi Duluman
Question How to fix cleartext IMAP / FTP
Replies
3
Views
4K
UFHH01
U
B
Question Optimal nginx performance Wordpress
Replies
1
Views
10K
bkhayes
bkhayes
O
Resolved Ubuntu Server 16.04 stops, without any errors
Replies
2
Views
3K
Oliver_Strixner
O
Back
Top