In association with heise online

28 February 2007, 09:08

Plesk divulges access password


A vulnerability in Plesk, a configuration tool for web servers and web hosting, may divulge Plesk's system password. All it takes is a Yahoo or Google search for phpinfo together with another string: the password then appears in the hits along with data on the PHP and server configuration.

While the exact cause of the error is not known, the flaw apparently only occurs after an upgrade to Plesk 8.1 when the server has not been rebooted. A search conducted by heise Security for potentially vulnerable systems therefore revealed only a few hundred servers worldwide. The vendor, SWsoft, has been informed about the problem and has provided a hotfix that registered customers can download. The patch can also be installed via the autoupdate function. The developers of Plesk recommend changing the password.

