- Server operating system version: Linux
- Plesk version and microupdate number: 18.0.55
Hi
I use a very strong password policy.
So you can probably imagine how surprised I was when I saw that a user had changed the password from the webmail, using the domain as the new password!
So if I have, for example, a domain myverybeautifuldomain.com, a user can set "myverybeautifuldomain" as the password (with and without .com).
And it is not important that there are only lowercase chars, without uppercase chars or numbers or special chars ...
I've made some tests and sometimes Plesk says that the password is not strong enough, but many times it accepts the domain as the password (based on the specific domain).
I don't understand why it checks if the password contains the username but does not check if it contains the domain.
Battling every day with upper, lower, number, special characters and then this crazy thing ...
If this is not a bug, it is surely an irresponsible method, as a user, in his naivety..., can create a BIG security breach himself.
So PLEASE Plesk people, would you be so KIND as to set a control on the domain name (with and without extension) in the password!?
And possibly force a request for at least ONE upper char in the password, and not only the simple length of 12/13 chars?
Thanks!
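
The check requested in this post, sketched as an added example (not Plesk's code and not part of the original post): it rejects a password that contains the mailbox's domain, with or without its extension, or the username, and requires an uppercase letter. The function names, the substitution table and the sample address are assumptions made for illustration.

```python
import re

# Undo common character substitutions before comparing (assumed, non-exhaustive list).
LEET = str.maketrans("013457@$!", "oleastasi")


def normalize(text):
    """Lowercase, reverse simple substitutions, keep only letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower().translate(LEET))


def forbidden_tokens(mailbox, min_len=4):
    """Strings derived from the mailbox address that must not appear in the password."""
    local, _, domain = mailbox.partition("@")
    labels = domain.split(".")
    # Username, full domain, domain without its last label, and each remaining label.
    candidates = [local, domain, ".".join(labels[:-1])] + labels[:-1]
    # Very short tokens ("co", "www") would reject too many unrelated passwords.
    return {tok for tok in map(normalize, candidates) if len(tok) >= min_len}


def check_password(password, mailbox, min_length=12):
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    folded = normalize(password)
    for tok in sorted(forbidden_tokens(mailbox)):
        if tok in folded:
            problems.append(f"contains account-derived string '{tok}'")
    return problems


if __name__ == "__main__":
    mailbox = "anna@myverybeautifuldomain.com"  # constructed sample address
    for candidate in ("myverybeautifuldomain", "myverybeautifuldomain.com",
                      "MyVeryBe@utifulD0main!2024", "Tr4vel-Lamp-Quiet-71"):
        print(candidate, "->", check_password(candidate, mailbox) or "accepted")
```

Comparing on the normalized form means a length-only rule no longer lets the domain through, and mixed case or symbol swaps of the domain are caught as well.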