Security error

DukaN · Sep 11th 2013

Hi,

My name Matt. I have found (probably) very critical security error

The fault is not encrypt FTP user password. How check it? Very simply

After loggin to phpMyAdmin (from root or other user from admin access), and go to imscp database, and go to frp_user table. Then you'll see a column rawpassword from password

I do not know if this is an error, but I wanted to report it

**flames** · Sep 11th 2013

Hi Matt,

thanks for report, this is ofcourse known to us and was a workaround for the web ftp client. also mail_users are not crypted of similar reason. it will be fixed some time.

mafioso · Sep 11th 2013

http://trac.i-mscp.net/ticket/826

DukaN · Sep 11th 2013

Thank you for your response

Topic to close

Thx

Security error

Share

Similar Threads

Mail Server confusion - Setup with dedicated IP number?

Security fix: phpMyAdmin 4.7.8 is released

PhpSwitcher force-last fail

VSFTPD / Net2FTP - FTP Login Problem

Spamassassin didn't install

autoinstaller::Adapter::DebianAdapter::_processAptRepositories: gpg: no valid OpenPGP data found.

Daily visitors