Security suggestions

Hello, I was trying the other day to create a sub-server (aka a subdomain) with a separate extra administrator, a very common scenario I guess - but a first for me. I never encountered so many issues with Virtualmin. So these are the things that are wrong:

  • when logged in as the extra admin of the sub-server, and after installing a script, the user and the master password of the domain/mysql are disclosed to the extra admin;
  • when logged in as extra admin of the sub-server, with the default templates, the extra admin can go to Re-Send Signup Email and send himself the admin password.

Now: I know technically why this is happening, but it is not a good procedure. There isn’t one good reason for a logged-in user to see another user’s password, in no scenario. Who needs an “extra admin” who knows the admin’s username and password?

FTP was a problem also, but I gave up on Virtualmin in that respect for a while now - everything is manual. Solved all of these, but it took me hours. Never mind the paranoia :slight_smile:

Thank you - I hope it was only my case.

You should make this a bug issue in the tracker so Jamie can do something about it.

I don’t think it’s a bug strictly speaking, more of a wish to change the default behavior of Virtualmin in these respects. I solved these by disabling the installed scripts for the extra admin and by modifying the mails Virtualmin is sending - no password.

I couldn’t find a way to get rid of the resend signup mail in the left menu.

I’m sorry to see that no one takes interest in this :frowning: Am I the only one who thinks this is an issue?
The tracker Ronald mentioned is a good place for things like this :slight_smile:

With that, Jamie can review your concerns and go over some possible ways of handling that.