• The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Vulnerability in Plesk 7.5.*

B

BoXie

Guest
Hi ..

Probably known already .. but definitely NOT SAFE.

Issue:
--------
It is possible for admins / clients and domain owners to create a mailname with a mailbox WITHOUT a password.

When ignorant users do this .. spammers can take advantage of this to login to the SMTP service and use the server to spam. More worst case scenarios can be possible also i guess.

So please fix this asap ! But the option to make mailnames without a password and without a mailbox WOULD BE pretty handy i guess (for redirects).
 
You must log in or register to reply here.

Similar threads

burnley
Forwarded to devs It is possible to create mail box without triggering 'Create Mailname' event handler
Replies
4
Views
2K
Peter Debik
P
E
Varnish for WordPress in a Docker container in Plesk Onyx
2
Replies
25
Views
13K
Andrew_Pa
A
V
Varnish for WordPress in a Docker container
Replies
5
Views
5K
Laurence@
Laurence@
lvalics
Resolved CBL and PLESK
Replies
3
Views
3K
trialotto
T
L
Migrate to Plesk on AWS from Plesk, cPanel or DirectAdmin
Replies
0
Views
4K
Lukas Hertig
L
Back
Top