• Plesk Uservoice will be deprecated by October. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform Plesk Productboard.
    To continue sharing your ideas and feedback, please visit features.plesk.com

Vulnerability in Plesk 7.5.*

B

BoXie

Guest
Hi ..

Probably known already .. but definitely NOT SAFE.

Issue:
--------
It is possible for admins / clients and domain owners to create a mailname with a mailbox WITHOUT a password.

When ignorant users do this .. spammers can take advantage of this to login to the SMTP service and use the server to spam. More worst case scenarios can be possible also i guess.

So please fix this asap ! But the option to make mailnames without a password and without a mailbox WOULD BE pretty handy i guess (for redirects).
 
You must log in or register to reply here.

Similar threads

T
Input Plesk Email Security - treatment of SPF softfail
Replies
2
Views
2K
TomBoB
T
M
Question mailenable - smtp spam
Replies
1
Views
1K
Peter Debik
P
burnley
Forwarded to devs It is possible to create mail box without triggering 'Create Mailname' event handler
Replies
4
Views
16K
Peter Debik
P
E
How to Set up Your WordPress Website Security
Replies
0
Views
3K
Elvis Plesky
E
M
Question Spam sent by my server
Replies
12
Views
9K
MarkM
MarkM
Back
Top