• We value your experience with Plesk during 2025
    Plesk strives to perform even better in 2026. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2025.
    Please take this short survey:
    https://survey.webpros.com/

Vulnerability in Plesk 7.5.*

B

BoXie

Guest
Hi ..

Probably known already .. but definitely NOT SAFE.

Issue:
--------
It is possible for admins / clients and domain owners to create a mailname with a mailbox WITHOUT a password.

When ignorant users do this .. spammers can take advantage of this to login to the SMTP service and use the server to spam. More worst case scenarios can be possible also i guess.

So please fix this asap ! But the option to make mailnames without a password and without a mailbox WOULD BE pretty handy i guess (for redirects).
 
You must log in or register to reply here.

Similar threads

I
Input Hardening Plesk with AbuseIPDB
Replies
2
Views
622
iainh
I
M
Forwarded to devs Possible to create conflicting settings in mail address setup
Replies
2
Views
1K
Peter Debik
P
T
Input Plesk Email Security - treatment of SPF softfail
Replies
2
Views
3K
TomBoB
T
Alex Presland
Issue Emails forwarded by Plesk fail DKIM checks with certain attachments
2
Replies
21
Views
11K
Alex Presland
Alex Presland
burnley
Forwarded to devs It is possible to create mail box without triggering 'Create Mailname' event handler
Replies
4
Views
16K
Peter Debik
P
Back
Top