I have found a bug in ISPConfig.
Updating ISPConfig to the last version of the software I have noticed that the database users have the password hidden with the MD5 method.
The problem are the old users who have a clear password!
The upgrade doesn't update the clear passwords to the MD5 password.
Another bug is the check of the Remote Access Control. ISPConfig doesn't update the preferences set in the administration control panel.
I cannot share the user database credencials but I can tell you that some of these credencials in the web_database_user have not a password encrypted.
Please this is really important to solve.