I have been testing Virtualmin along other automation tool such as ISPConfig in order to handle shared hosting offering.
Bravo, very good overall!
I just tumble upon what looks like a major security issue with the subject’s components.
Here is the issue:
a) I created 3 virtual servers with their own domains
b) one of them required concrete5 CMS so while installing it I created a dba user with the proper permissions as well as phpMyadmin with the script installer
c) I’ve logged into the db created with ohoMyadmin and the dba user (not without access problems - I had to change the password many times)
Now to my surprise I realize that all databases are visible and manageable by default!
This is a major security flaw, isn’t it? Look like all virtual servers’ users have full permissions on all databases (all fields have Y in the main databases priviledges table)
What have I done wrong, I used 99% of the default settings?