Skip to main content

Plesk Admins Can Accidentally Relay Spam

posted onAugust 23, 2009
by hitbsecnews

Website administrators using the Parallels Plesk Panel, a web-hosting tool, should be very careful when thinking about activating the shortname authentication feature for all web services. If turned on, attackers could gain access to all shortname authenticated processes, including the SMTP server and use it to relay spam for their own attacks.

This vulnerability was disclosed by Felix Buenemann on a security-related mailing list, and was reproduced by the SecurityReason website. Mr. Buenemann had tried in many attempts to inform the Parallels technical department of this problem, but several mail filters kept bouncing his emails on all support addresses.

Source

Tags

Spam

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th