• Introducing WebPros Cloud - a fully managed infrastructure platform purpose-built to simplify the deployment of WebPros products !  WebPros Cloud enables you to easily deliver WebPros solutions — without the complexity of managing the infrastructure.
    Join the pilot program today!
  • Support for BIND DNS has been removed from Plesk for Windows due to security and maintenance risks.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS.

Vulnerability in Plesk 7.5.*

B

BoXie

Guest
Hi ..

Probably known already .. but definitely NOT SAFE.

Issue:
--------
It is possible for admins / clients and domain owners to create a mailname with a mailbox WITHOUT a password.

When ignorant users do this .. spammers can take advantage of this to login to the SMTP service and use the server to spam. More worst case scenarios can be possible also i guess.

So please fix this asap ! But the option to make mailnames without a password and without a mailbox WOULD BE pretty handy i guess (for redirects).
 
You must log in or register to reply here.

Similar threads

M
Question mailenable - smtp spam
Replies
1
Views
1K
Peter Debik
P
T
Input Plesk Email Security - treatment of SPF softfail
Replies
2
Views
2K
TomBoB
T
burnley
Forwarded to devs It is possible to create mail box without triggering 'Create Mailname' event handler
Replies
4
Views
15K
Peter Debik
P
E
How to Set up Your WordPress Website Security
Replies
0
Views
2K
Elvis Plesky
E
M
Question Spam sent by my server
Replies
12
Views
8K
MarkM
MarkM
Back
Top