View Single Post
  #4  
Old 28th March 2006, 17:05
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,788
Thanks: 840
Thanked 5,612 Times in 4,423 Posts
Default

Quote:
Originally Posted by olaus
does that code also affect the passwords for the web-login ( stored in mysql isp_isp_kunde:webadmin_passwort ) ?
those are anyway more vulnerable than the ones in /etc/shadow because mysql-access rights are enough to read them.
These are totally different passwords.

The password in the field isp_isp_kunde:webadmin_passwort is an md5 encrypted password of the client for the ISPConfig web interface. Do not mix them up with the /linux) user passwords this thread is about.

The client passwords are encrypted with totally different algorithms so they are not affected bythe issue described in this thread. Also we can not store passwords in /etc/shadow that we need for authentication in the web interface.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote