1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

System password is shown as clear text

Discussion in 'Plesk for Linux - 8.x and Older' started by Anassa, Feb 20, 2007.

  1. Anassa

    Anassa Guest

    0
     
    Hi,
    I figured out that the plesk admin password is shown as clear text after upgrading to Plesk 8.1. I am able to retrieve password for some other servers running Plesk 8.1 easly.
    I am happy to share this information with SWSOFT in more details. The phone operators are not keen to understand this security issue; they are more interested in the number of my service contract I obviously do not have :-((
    Kind regards,
    Lars
     
  2. dkuwi

    dkuwi Guest

    0
     
    hmm....

    Hi,

    hm can you please provide me with more details so I can check this on our systems? It would be grade because if this is true, we must have a patch ASAP!!! There was an securtiy Problem like this in Plesk 8.x for Windows which had be closed after some time after this occurs. Hope you can tell us what you had done so we can check if this occurs on every system.

    Best regards,

    dkuwi
     
  3. buddaaa

    buddaaa Guest

    0
     
    swsoft doesn't officially read here, try to sell the vulnerability on ebay ;)
     
  4. Herby

    Herby Guest

    0
     
    shocked - but agree here on my system!!
     
  5. dkuwi

    dkuwi Guest

    0
     
    how did you do

    Hello,

    hm I am also shocked but I dont know how you find it out, could you please tell it to me so I can try it on my systems here?

    Best regards,

    dkuwi
     
  6. danliker

    danliker Silver Pleskian Plesk Certified Professional

    33
    43%
    Joined:
    Feb 15, 2006
    Messages:
    575
    Likes Received:
    0
    Location:
    Switzerland
  7. Anassa

    Anassa Guest

    0
     
    You should restart your server (not only apache) and change your system password. I furthermore recommend, that you should not publish phpinfo infomation publicly.
    Rgds,
    anassa
     
  8. semthetic

    semthetic Guest

    0
     
    Is it possible to get some more details on this? I would like to check this with my server as well. :(
     
  9. Herby

    Herby Guest

    0
     
    just make an update and change your password. then you are fine.

    I will not reveal any sec. related hints.
     
  10. semthetic

    semthetic Guest

    0
     
    Well, this is the admin passwoord for ~12 server holding a few hundred customers.
    You can't change this just on a guess as the change has a big rat-tail of changes as well. :(
     
Loading...