- Plesk 11.x for Linux
- Plesk 11.x for Windows
- Plesk 12.0 for Windows
- Plesk 12.0 for Linux
A potential security vulnerability was found that impacts Parallels Plesk Panel for Linux 11, 11.5 and 12 preview.
A minor vulnerability in Plesk exists that can theoretically provide unauthorized users access to the content of the
file on Linux and the same secret key in the registry on Windows. You can read more about the foundation of this vulnerablilty and the astronomically large computational resources required for anything more than theoretical exploitation
Parallels confirms this vulnerability exists but exploit would require a nearly unattainable amount of computational resources to determine the necessary 16 byte random security number. Therefore, the threat posed by this vulnerability is extremely low.
Vulnerability has been fixed on April 29, 2014 in the following microupdates:
- Parallels Plesk Panel 11.5.30 MU#44
- Parallels Plesk Panel 11.0.9 MU#61
Parallels urges all customers to turn on automatic microupdates.