How can I prevent Virtualmin from storing passwords in cleartext?

Posted by Josh on Server Fault See other posts from Server Fault or by Josh
Published on 2010-03-12T17:36:30Z Indexed on 2010/03/12 17:37 UTC
Read the original article Hit count: 283

Filed under:

virtualmin

|

webmin

|

cleartext

|

passwords

|

security

I am really surprised at this behavior. In Virtualmin, I can see the password for any SSH user by clicking the "(Show..)" link next to the "Password ( ) Leave unchanged" option in a variety of locations. I have found that the passwords for all users including users with SSH access are stored in cleartext files in /etc/webmin/... This seems like an unnecessary risk! How can I prevent Virtualmin from storing passwords in this manner?

© Server Fault or respective owner

Related posts about virtualmin

Virtualmin install failing on Rackspace Debian 5.0

as seen on Server Fault - Search for 'Server Fault'
Hi - Running the install.sh script as-is from Virtualmin (GPL version), I get a dovecot error after about 5.5mins of installation. I have tried this on several versions of the server - same error whether or not I run apt-get update +/- apt-get upgrade .... and whether or not I have the FQDN set. Here's… >>> More
Virtualmin install failing on Rackspace Debian 5.0

as seen on Server Fault - Search for 'Server Fault'
Hi - Running the install.sh script as-is from Virtualmin (GPL version), I get a dovecot error after about 5.5mins of installation. I have tried this on several versions of the server - same error whether or not I run apt-get update +/- apt-get upgrade .... and whether or not I have the FQDN set. Here's… >>> More
Virtualmin: "PHP execution via fcgid requires the Apache mod_fcgid module"

as seen on Server Fault - Search for 'Server Fault'
I have a CentOS server with Virtualmin on it. I have configured PHP the way I want it, using Apache mod_fastcgi. However, when I click "Re-check Config" in Virtualmin, I get PHP execution via fcgid requires the Apache mod_fcgid module This post says to change Default PHP execution mode to CGI, but… >>> More
Virtualmin "Command to run after making changes to a server" differentiate between add/edit/delete

as seen on Server Fault - Search for 'Server Fault'
I'm using Virtualmin, and I have a command set up under Virtualmin Module Config Actions Upon Server and user creation Command to run after making changes to a server This command is designed to perform a few additional steps after the account is set up. However, the action is called every time… >>> More
Postfix/ClamAV not stopping viruses under Virtualmin

as seen on Server Fault - Search for 'Server Fault'
I am using Virtualmin and have it set up to have Postfix scan incoming emails with ClamAV (using clamdscan) and delete any emails which contain a virus. However when I email myself the EICAR test string, it comes through just fine. I know ClamAV will report this file as a virus. How can I troubleshoot… >>> More

Related posts about webmin

Using a GoDaddy SSL certificate with Virtualmin (Webmin)

as seen on Server Fault - Search for 'Server Fault'
A client of mine decided to go ahead and move from a self-signed certificate to a commercial one ("GoDaddy Standard SSL"). The first service I wanted to move to the commercial SSL cert was Webmin/Usermin... However, upon migrating to the new SSL cert and restarting Webmin, I got the following error: [21/Oct/2012:13:12:47… >>> More
[Ubuntu 10.04 Desktop] Unable to get Webmin or Vboxdrv to auto start on boot

as seen on Server Fault - Search for 'Server Fault'
Ever since installing Ubuntu 10.04 I've had issues getting things to auto-start. I have installed webmin and VirtualBox but every time I reboot I have to manually run: sudo /etc/init.d/webmin start sudo /etc/init.d/vboxdrv start I have run: sudo update-rc.d -f webmin remove and then hodge@hodge-fs:~$… >>> More
Proxying webmin with nginx

as seen on Server Fault - Search for 'Server Fault'
I am attempting to proxy webmin behind nginx for various reasons that are outside the scope of this question. However I've been trying for a while now and can't seem to figure it out and think I'm to the point where I've exhausted all the permutations of the config file I can think of. What I have… >>> More
virturalmin webmin dose not respond

as seen on Server Fault - Search for 'Server Fault'
I have installed Virtualmin on a CentOS remote server, but it dose not seem to work https://115.146.95.118:10000/ at least the Webmin page dose not work. I have opened those ports http ALLOW 80:80 from 0.0.0.0/0 ALLOW 443:443 from 0.0.0.0/0 ssh ALLOW 22:22 from 0.0.0.0/0 virtualmin ALLOW 20000:20000… >>> More
Webmin and/or port 10000 not working

as seen on Server Fault - Search for 'Server Fault'
I've recently installed Webmin on a Ubuntu server but I can't get it to work. I asked a recent question about saving iptables but it turns out you don't need to "save" iptables changes. Anyway, I still can't get Webmin working after opening the port up: iptables -A INPUT -p tcp -m tcp --dport 10000… >>> More