Password retrieval
Is there an easy way to be able to retrieve a customer password from the WHM interface? I used to have a plesk server with a utility from 4psa that would grab all sorts of nice information for you, including retrieval of customer passwords, etc. That allows you to provide the customer with that info, should they request it. The only thing I can see in WHM is the ability to change the password.
I do not think it is possible to retrieve passwords at all, MD5 encryption
I would not want this to be possible anyway, if you ever have a server hacked, last thing you need is everyones passwords released
It isn't possible, they're one-way encrypted. The only way you could get it would be to brute-force the shadow file and that is no guarantee and can take hours/days/months/years.
Jonathan Michaelson
Need your cPanel servers secured and tuned?
cPanel Server Configuration, Security, Recovery and Antivirus/AntiSpam Services
Developers of the most effective (and free) Firewall & Security Solution for cPanel Servers - csf
http://www.configserver.com
I guess that shows a little bit of a security hole in plesk then. 4psa notifications can retrieve every password stored that is used by plesk. if someone can admin login into your psa interface your screwed.
Exactly right, MD5 is a one way hash and can not be decrypted.Originally Posted by rmackay
I have never used Plesk but I have a tough time with the fact that the password files are accessible. As a Windows Network Administrator, I would be not very happy about it. I do not want/need/desire access to user passwords. Accountability to network or account access is a real "CYA" thing.
LinkBack URL
About LinkBacks
Reply With Quote