Issue Restrictive administrator can see everything

[netbuild]

Server operating system version

AlmaLinux release 8.9 (Midnight Oncilla)

Plesk version and microupdate number

18.0.61 #5

Hello,

I can't say exactly when it happened, but since one of the last updates the restrictive administrator can see and also change all menu items in Tools and Settings. This is a major security vulnerability and should be fixed as soon as possible.

Furthermore there is a problem with the 2FA authentication. An administrator cannot deactivate 2FA for another administrator if he has lost the authenticator.

Can anyone confirm this?

It's really annoying, but Plesk is now mutating into an advertising platform and patches more bugs in than out.

 

[Kaspar@Plesk]

I can't say exactly when it happened, but since one of the last updates the restrictive administrator can see and also change all menu items in Tools and Settings. This is a major security vulnerability and should be fixed as soon as possible.

That strange. Is restricted mode still enabled on the profile of these additional administrator(s)?

Furthermore there is a problem with the 2FA authentication. An administrator cannot deactivate 2FA for another administrator if he has lost the authenticator.

That correct. 2FA is can only ben enabled or disabled for all users.

 

[Yaroslav_T]

I can't say exactly when it happened, but since one of the last updates the restrictive administrator can see and also change all menu items in Tools and Settings. This is a major security vulnerability and should be fixed as soon as possible.

I've just tested this behavior on my old Plesk 18.0.57.5 and the latest 18.0.62 and the behavior and/or items in Restricted mode is still the same. So the issue appears to be to the specific settings for a specific additional admin or the settings of the Restricted Mode