Facebook
Twitter
ghazlewood
Basic Pleskian
I have a Plesk 11.0.9 server (fully up-to-date) running Centos x86_64.
A client called today to say that they were having problems logging in to a protected directory with the usual username and password and additionally they had discovered that they could access a protected directory with the username only, leaving the password blank.
This is very worrying and of course immediately made me think something was up with the server. Checking the database directly I was expecting to see the pd_users table connected to the accounts table by id but the pd_users table has 0 for every account_id. Unless I am mistaken on the structure of the database something seems to be wrong here. Looking at the accounts table again I was expecting to see all passwords encrypted with the new $AES format but some are still using the crypt format and some are blank!
The client in question has been able to login correctly with their details in the past and although this client has been through several versions of Plesk (7, 8, 9 and 10) I am now worried that there is something inherently wrong with authentication on this server.
Anyone have any ideas or suggestions before I use the Mass Password Reset script to update all protected directories?
A client called today to say that they were having problems logging in to a protected directory with the usual username and password and additionally they had discovered that they could access a protected directory with the username only, leaving the password blank.
This is very worrying and of course immediately made me think something was up with the server. Checking the database directly I was expecting to see the pd_users table connected to the accounts table by id but the pd_users table has 0 for every account_id. Unless I am mistaken on the structure of the database something seems to be wrong here. Looking at the accounts table again I was expecting to see all passwords encrypted with the new $AES format but some are still using the crypt format and some are blank!
The client in question has been able to login correctly with their details in the past and although this client has been through several versions of Plesk (7, 8, 9 and 10) I am now worried that there is something inherently wrong with authentication on this server.
Anyone have any ideas or suggestions before I use the Mass Password Reset script to update all protected directories?
