1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Problem getting 'lost password' for mail clients

Discussion in 'Plesk 10.x for Linux Issues, Fixes, How-To' started by Henk van Andel, Mar 18, 2012.

  1. Henk van Andel

    Henk van Andel Guest

    Anyone can recover their password when logging in to Plesk. Including mail clients, logging in as me@domain.com.

    However, I found that:

    The original password is send to a known e-mail address; no matter what address is entered, Plesk sends it to me@domain.com. The client cannot access this because he lost his password! Catch 22? Or do I do something stupid? You can enter an email-address for receiving the lost password, but addresses other than me@domain.com are being refused. Logically, because otherwise everybody could steel the password of anybody just by knowing his e-mail address for logging in.
    Any comments? Suggestions?

    Moreover, sending the original password in clear text by e-mail is unsafe. Plus it implies that the server stores the original passwords (hopefully encrypted?!) where they could e hacked.
    To me it seems preferable to send a new temporarely password and urging/forcing the client to change it immediately over https.