• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

System password is shown as clear text

A

Anassa

Guest
Hi,
I figured out that the plesk admin password is shown as clear text after upgrading to Plesk 8.1. I am able to retrieve password for some other servers running Plesk 8.1 easly.
I am happy to share this information with SWSOFT in more details. The phone operators are not keen to understand this security issue; they are more interested in the number of my service contract I obviously do not have :-((
Kind regards,
Lars
 
hmm....

Hi,

hm can you please provide me with more details so I can check this on our systems? It would be grade because if this is true, we must have a patch ASAP!!! There was an securtiy Problem like this in Plesk 8.x for Windows which had be closed after some time after this occurs. Hope you can tell us what you had done so we can check if this occurs on every system.

Best regards,

dkuwi
 
swsoft doesn't officially read here, try to sell the vulnerability on ebay ;)
 
Originally posted by Anassa
Hi,
I figured out that the plesk admin password is shown as clear text after upgrading to Plesk 8.1. I am able to retrieve password for some other servers running Plesk 8.1 easly.
Click to expand...

shocked - but agree here on my system!!
 
how did you do

Hello,

hm I am also shocked but I dont know how you find it out, could you please tell it to me so I can try it on my systems here?

Best regards,

dkuwi
 
You should restart your server (not only apache) and change your system password. I furthermore recommend, that you should not publish phpinfo infomation publicly.
Rgds,
anassa
 
Is it possible to get some more details on this? I would like to check this with my server as well. :(
 
just make an update and change your password. then you are fine.

I will not reveal any sec. related hints.
 
Well, this is the admin passwoord for ~12 server holding a few hundred customers.
You can't change this just on a guess as the change has a big rat-tail of changes as well. :(
 
You must log in or register to reply here.

Similar threads

B
Issue Password strength policy displayed to users does not match the one chosen by admin
Replies
0
Views
865
blipp
B
J
Question how to switch shell user to vhost domain owner user with su command ?
Replies
0
Views
1K
jmano
J
U
Incorrect Username or Password - I´m not able to reset my password
Replies
1
Views
2K
UserNotFound
U
A
How can an e-mail user change its own password?
Replies
17
Views
10K
DaveKay
D
M
Inctroducing incremental backup script - take a look
Replies
5
Views
7K
Christian_S
C
Back
Top