Database user password visible when editing databases in Virtualmin

Virtualmin
1
SYSTEM INFORMATION
OS type and version DEBIAN 12
Webmin version 2.303
Virtualmin version 7.30.8
Webserver version 2.4.62

In Webmin/Virtualmin, when editing a virtual server account, there is a field that displays the database password in plain text. This password should be hidden by default and only revealed when clicking an eye icon (show/hide password).

Displaying the password openly poses a security risk, especially in shared administrative environments. Is there a way to change this behavior, or could it be improved in a future update?

1 Like
2

Hello,

Thanks for the heads up!

Do you mean dudes peeking over the shoulder?

4

No, but the Db password is obfuscated with stars - it is visible in plain text only after the eye icon (show/hide password) unmasks it.

image
image721×390 25.4 KB

SYSTEM INFORMATION
OS type and version Debian Linux 11
Usermin version 2.203
Virtualmin version 7.30.8
Theme version 23.03
Apache version 2.4.62
Package updates All installed packages are up to date
5

I guess the OP means here

image
image1722×400 24.9 KB

but TBF I have never used this section in over a decade, I have never found a reason to do it. But I guess if you have given the root password to someone, you may wish to change it.
I would guess the best practice is to use the virtualmin module to change the user password, if you have given someone the user password

6

Oh, ok.

Cheers!

7

Hello, how are you?

For me, the password is shown by default. When I click the “eye” icon, it gets hidden. It seems to be reversed. Ideally, the password should be hidden at first and only shown when clicking the “eye” icon.

Best regards.

8

Normally it is, so I don’t understand why it’s reversed for you

9

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.