• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Vulnerability in Plesk 7.5.*

B

BoXie

Guest
Hi ..

Probably known already .. but definitely NOT SAFE.

Issue:
--------
It is possible for admins / clients and domain owners to create a mailname with a mailbox WITHOUT a password.

When ignorant users do this .. spammers can take advantage of this to login to the SMTP service and use the server to spam. More worst case scenarios can be possible also i guess.

So please fix this asap ! But the option to make mailnames without a password and without a mailbox WOULD BE pretty handy i guess (for redirects).
 
You must log in or register to reply here.

Similar threads

burnley
Forwarded to devs It is possible to create mail box without triggering 'Create Mailname' event handler
Replies
4
Views
1K
Peter Debik
P
E
Varnish for WordPress in a Docker container in Plesk Onyx
2
Replies
25
Views
12K
Andrew_Pa
A
V
Varnish for WordPress in a Docker container
Replies
5
Views
5K
Laurence@
Laurence@
lvalics
Resolved CBL and PLESK
Replies
3
Views
2K
trialotto
T
L
Migrate to Plesk on AWS from Plesk, cPanel or DirectAdmin
Replies
0
Views
4K
Lukas Hertig
L
Back
Top