How can I prevent Virtualmin from storing passwords in cleartext?

Posted by Josh on Server Fault See other posts from Server Fault or by Josh
Published on 2010-03-12T17:36:30Z Indexed on 2012/06/17 3:19 UTC
Read the original article Hit count: 437

Filed under:
|
|
|

I am really surprised at this behavior. In Virtualmin, I can see the password for any SSH user by clicking the "(Show..)" link next to the "Password ( ) Leave unchanged" option in a variety of locations. I have found that the passwords for all users including users with SSH access are stored in cleartext files in /etc/webmin/... This seems like an unnecessary risk! How can I prevent Virtualmin from storing passwords in this manner?

© Server Fault or respective owner

Related posts about security

Related posts about webmin