Symptoms
- A Vulnerability Assessment and Penetration Testing scanner reports a breach in Plesk
Cause
AWS S3 IAM credentials are hardcoded in the Plesk pages:
Jsw.UAT.init({ ... ,"accessKeyId":"*********","secretAccessKey":"*****************************"," ... })
Resolution
Plesk User Activity tracking must authenticate in order to send data, so these credentials are included publicly in the page for the function to work as intended. This is not considered a vulnerability, because the exposed account credentials have no harmful permissions: only anonymized technical data is gathered and sent via these credentials.
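To confirm what the scanner is flagging, or to re-check a page later, a saved copy of the page source can be inspected for the Jsw.UAT.init block. The following is an added example, not Plesk code: the function names, the sample pages and every field other than accessKeyId and secretAccessKey are constructed, and it assumes the init argument is JSON-like, as in the excerpt under Cause.

```javascript
// Added example. Jsw.UAT.init, accessKeyId and secretAccessKey come from the
// article; every other field name and all values here are constructed.
const CREDENTIAL_KEYS = ["accessKeyId", "secretAccessKey"];

// Return the {...} argument of the first Jsw.UAT.init( call, or null.
// Braces are counted only outside string literals, so nested objects and
// braces inside quoted values do not end the match early.
function extractUatConfig(html) {
  const marker = "Jsw.UAT.init(";
  const call = html.indexOf(marker);
  if (call === -1) return null;
  let start = call + marker.length;
  while (/\s/.test(html[start] || "")) start++;
  if (html[start] !== "{") return null;
  let depth = 0, inString = false;
  for (let i = start; i < html.length; i++) {
    const ch = html[i];
    if (inString) {
      if (ch === "\\") i++; // skip the escaped character
      else if (ch === '"') inString = false;
    } else if (ch === '"') inString = true;
    else if (ch === "{") depth++;
    else if (ch === "}" && --depth === 0) return html.slice(start, i + 1);
  }
  return null; // unbalanced braces: the saved page is truncated
}

// Report which credential fields are present and non-empty at any depth.
// Only field names are returned, never the values.
function findEmbeddedCredentials(html) {
  const raw = extractUatConfig(html);
  if (raw === null) return { initFound: false, exposed: [] };
  const exposed = new Set();
  try {
    JSON.parse(raw, (key, value) => {
      if (CREDENTIAL_KEYS.includes(key) && typeof value === "string" && value) exposed.add(key);
      return value;
    });
  } catch (err) {
    // Not strict JSON: fall back to a textual match on "key":"non-empty".
    for (const key of CREDENTIAL_KEYS)
      if (new RegExp(`"${key}"\\s*:\\s*"[^"]+"`).test(raw)) exposed.add(key);
  }
  return { initFound: true, exposed: [...exposed].sort() };
}

// Constructed sample pages (assumed shapes, not captured from a real server).
const PAGE_TRACKING_ON = `<script>Jsw.UAT.init({"endpoint":"https://uat.example.invalid/{v}","accessKeyId":"CONSTRUCTED_ID","secretAccessKey":"CONSTRUCTED_SECRET","extra":{"n":1}});</script>`;
const PAGE_TRACKING_OFF = `<html><body><script>var unrelated = {};</script></body></html>`;
console.log(findEmbeddedCredentials(PAGE_TRACKING_ON), findEmbeddedCredentials(PAGE_TRACKING_OFF));
```

An empty `exposed` list with `initFound: false` means the saved page carries no tracking block at all, which is the state a scanner re-run should also see.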
Disable this feature in order to pass vulnerability scanner checks: