Admin password is shown in plain text in Sitebuilder log

Created:

2016-11-16 12:40:56 UTC

Modified:

2017-04-24 11:05:19 UTC


Applicable to:

  • Plesk Sitebuilder 4.5 for Windows

Symptoms

  1. Plesk 9.0 and Sitebuilder 4.5 for Windows are installed on the same server.

  2. The following record can be found in the Sitebuilder log:

    SBResetPassword.exe admin PASSWORD -createadmin.
    

    where PASSWORD is the plain-text password of the Sitebuilder user admin.

Cause

This is a known security issue. It will be fixed in future updates of Sitebuilder.

Resolution

Disable logging for the SBResetPassword.exe utility:

  • Before reconfiguring, create a backup of the file:

    [sitebuilder_base_dir]\Utils\SBResetPassword.exe.config

    where [sitebuilder_base_dir] is the base directory where Sitebuilder is installed.

  • Open the file in an editor and comment out this record:

    <appender-ref ref="DBlog"/>

Example of [sitebuilder_base_dir]\Utils\SBResetPassword.exe.config with the record commented out:

    <?xml version="1.0"?>
    <!--
        Note: As an alternative to hand editing this file you can use the
        web admin tool to configure settings for your application. Use
        the Website->Asp.Net Configuration option in Visual Studio.
        A full list of settings and comments can be found in
        machine.config.comments usually located in
        \Windows\Microsoft.Net\Framework\v2.x\Config
    -->
    <configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
        <configSections>
            <section name="log4net" type="log4net.Config.Log4NetConfigurationSectionHandler, log4net"/>
            <section name="siteRepository" type="SWsoft.SiteBuilder.Repository.Site.SiteRepositoryConfigSection, Repository.Site"/>
            <section name="KAServerConfiguration" type="System.Configuration.NameValueSectionHandler, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" restartOnExternalChanges="true"/>
        </configSections>
        <KAServerConfiguration>
            <add key="url" value="https://ka.odin.com:5224"/>
            <add key="login" value="sb-win"/>
            <add key="password" value="pmdgeryionDWPM6gzmplgRnbfgdfTqpm"/>
            <add key="ignoreCertificateErrors" value="true"/>
        </KAServerConfiguration>
        <log4net>
            <appender name="LogFile" type="log4net.Appender.FileAppender">
                <file value="C:\Program Files\Parallels\Plesk\SiteBuilder\_logs\SBResetPassword.log"/>
                <appendToFile value="true"/>
                <layout type="log4net.Layout.PatternLayout">
                    <conversionPattern value="%date [%thread] %-5level %logger - %message%newline"/>
                </layout>
            </appender>
            <appender name="DBlog" type="SWsoft.SiteBuilder.Common.Log.DBLogger, Sitebuilder.Common"/>
            <root>
                <level value="DEBUG"/>
                <appender-ref ref="LogFile"/>
                <!-- <appender-ref ref="DBlog"/> -->    <!-- this record -->
            </root>
        </log4net>
        <connectionStrings>
            <add name="WSBConnection" connectionString="Connect Timeout=180;Data Source=localhost;User Id=D836976A742949B1B30D3DC3E348DEBD;Pwd=747D358E96B64CEDA4898C077AF0F250WsB-5.0.0-forever!..;Database=sitebuilder2399E5FC7DD485645A366075FB6D0B17"/>
        </connectionStrings>
        <appSettings file="appSettings.config">
            <add key="RepositoryFolder" value="C:\Program Files\Parallels\Plesk\SiteBuilder\Repository"/>
            <add key="SWSoftSiteUrl" value="http://www.swsoft.com"></add>
            <add key="PreviewHostUrl" value="tcp://localhost:1455/WebApplicationHost.rem"/>
        </appSettings>
        <siteRepository path="C:\Program Files\Parallels\Plesk\SiteBuilder\Sites"/>
    </configuration>

IMPORTANT: The instructions above are valid only for Sitebuilder version 4.5 for Windows. The structure of the configuration file SBResetPassword.exe.config is different in other versions.
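
The backup and comment-out steps from the Resolution as a PowerShell script. This is an added example, not part of the original article and not a Plesk tool; the -BaseDir parameter and the backup file naming are assumptions, and it applies only to the Sitebuilder 4.5 for Windows file layout shown above.

```powershell
# Added example: disables the DBlog appender reference in SBResetPassword.exe.config.
# Assumption: -BaseDir is the Sitebuilder base directory ([sitebuilder_base_dir]).
param(
    [Parameter(Mandatory = $true)]
    [string]$BaseDir
)

$ErrorActionPreference = 'Stop'
$config = Join-Path $BaseDir 'Utils\SBResetPassword.exe.config'

# Load the file, preserving whitespace so unrelated lines are written back unchanged.
$xml = New-Object System.Xml.XmlDocument
$xml.PreserveWhitespace = $true
$xml.Load($config)

# <configuration> declares a default namespace, so a plain '//appender-ref'
# XPath would match nothing; local-name() matches regardless of namespace.
$xpath = "//*[local-name()='root']/*[local-name()='appender-ref'][@ref='DBlog']"

# Copy the matches into an array so the tree can be modified while looping.
$nodes = @($xml.SelectNodes($xpath))

if ($nodes.Count -eq 0) {
    # Already commented out (comments are not elements) or not present at all.
    Write-Output 'No active DBlog appender-ref found; file left unchanged.'
    return
}

# Step 1: back up the file before changing it. The timestamp in the name
# (assumed naming scheme) keeps earlier backups from being overwritten.
$backup = '{0}.{1}.bak' -f $config, (Get-Date -Format 'yyyyMMddHHmmss')
Copy-Item -LiteralPath $config -Destination $backup

# Step 2: replace each active record with an XML comment holding the same markup.
foreach ($node in $nodes) {
    $comment = $xml.CreateComment(' <appender-ref ref="DBlog"/> ')
    [void]$node.ParentNode.ReplaceChild($comment, $node)
}

$xml.Save($config)
Write-Output ('Commented out {0} DBlog record(s). Backup: {1}' -f $nodes.Count, $backup)
```

The script is safe to run more than once: after the first run the record is a comment, so the second run finds nothing to change and creates no new backup.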
