Storing plain text passwords

SYSTEM INFORMATION
OS type and version: Rocky Linux 9.7
Webmin version: 2.610
Virtualmin version: 7.50.2 GPL
Webserver version: Apache version 2.4.62
Related packages: password change in Usermin/Virtualmin vs password change via link sent to offsite mail address

situation 1:
When creating an email user in Virtualmin the plain text password is saved (as chosen in my server template - so this is good).
The file in /var/webmin/modules/virtual-server/plainpass/xxxxx is up-to-date for that user

situation 2:
When the user changes his password in Usermin the plain text password is saved (as chosen in my server template - so this is good).
The file in /var/webmin/modules/virtual-server/plainpass/xxxxx is up-to-date for that user

situation 3:
When the password is changed via the link sent by Virtualmin to an offsite mail address the plain text password is NOT saved (so this is - as I see it - a bug)
The file in /var/webmin/modules/virtual-server/plainpass/xxxxx is NOT up-to-date for that user

In previous versions (a few months ago) the password was also saved in the inbox.imap file (in the .usermin/mailbox/ directory) of that user. Now, this file is not updated anymore for existing users and - since a few months - the file is not even created when creating a new email user. I guess this file has become obsolete?

In previous versions it was possible for a user to retrieve his forgotten password by sending an email - with his password - to his offsite recovery mail address. Now it is only possible to change his password via the link sent in that email to the recovery address. This is situation 3 as described above.

When choosing to store plain text passwords I believe the user must be able to receive an email with his forgotten password. For that it is of course necessary that there is at least one file on the server which holds the correct plain text password. If there are 2 files (like the "old" inbox.imap file) both should be updated.

I hope this will be solved.

Alain

storing plain text passwords is chosen in server template and in server

I believe it was an intentional security fix to make password reset work in accordance with modern security standards, regardless of whether passwords are stored in plaintext or not. Saving them in plaintext in a place only root can reach is quite a world apart from sending them via email (which is not guaranteed to be encrypted at any point in the chain, and almost certainly isn't encrypted on the destination mail server). It's a very risky practice to send plain text passwords…so, don't do that.

I don’t think we’d want to revert that. It’s clearly an improvement for security, and resetting a password is considered standard practice for a lost password situation.
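The reset-link flow Joe describes above, as an added illustration that is not part of this thread and is not Virtualmin's own code: the server generates a random token, stores only a hash of it together with an expiry, puts the raw token in the emailed link, and accepts it once. Nothing secret that is useful after the link is clicked ever travels over mail, which is the property a mailed plaintext password cannot have. The 15-minute lifetime, the `ResetStore` class, the `mail.example.com` URL and the in-memory table are all assumptions of this example.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from urllib.parse import urlencode

# Assumption for this example: reset links are valid for 15 minutes.
TOKEN_TTL_SECONDS = 15 * 60


@dataclass
class ResetRecord:
    token_hash: bytes   # SHA-256 of the token; the raw token is never stored server-side
    expires_at: float   # Unix time after which the link is dead
    used: bool = False  # a redeemed link cannot be replayed


class ResetStore:
    """In-memory stand-in for the server-side table of outstanding resets (example only)."""

    def __init__(self):
        self._records = {}  # username -> ResetRecord (one live reset per user)

    def issue(self, username, now=None):
        """Create a fresh token for `username`; the returned value goes into the e-mail only."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG, URL-safe alphabet
        self._records[username] = ResetRecord(
            token_hash=hashlib.sha256(token.encode()).digest(),
            expires_at=now + TOKEN_TTL_SECONDS,
        )
        return token

    def redeem(self, username, token, now=None):
        """Return True (and burn the token) only if it is known, unexpired, unused and matches."""
        now = time.time() if now is None else now
        rec = self._records.get(username)
        if rec is None or rec.used or now > rec.expires_at:
            return False
        presented = hashlib.sha256(token.encode()).digest()
        # Constant-time comparison so a wrong token cannot be distinguished by timing.
        if not hmac.compare_digest(presented, rec.token_hash):
            return False
        rec.used = True
        return True


def build_reset_link(username, token, base_url="https://mail.example.com/reset"):
    """Compose the link that is mailed to the recovery address (hostname is an assumption)."""
    return f"{base_url}?{urlencode({'user': username, 'token': token})}"


if __name__ == "__main__":
    store = ResetStore()
    tok = store.issue("alain@example.com")
    print("mail this link:", build_reset_link("alain@example.com", tok))
    print("first click:", store.redeem("alain@example.com", tok))   # True
    print("replay:", store.redeem("alain@example.com", tok))        # False, single use
```

The important pieces are the ones that are easy to skip: store the hash, not the token, so a database leak does not hand out live reset links; set a short expiry; mark the record used on success; and compare with `hmac.compare_digest`. Any plaintext password file on disk is untouched by this flow, which is exactly why the two features no longer overlap.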

Dear Joe,

Thanks for the quick reply.

I am aware of the pros and cons of storing plain text passwords. I think it is up to us - the Virtualmin/Webmin users - to make that decision.

In general:
There are many, many ways a hacker can steal passwords and I believe it is up to the users to secure their email inboxes and organize their security overall.

It is also the responsibility of organizations in general to control who has access in their organization to certain information. In every organization, at one point, there will always be someone who can view sensitive information. That is true for financial, medical, … companies. It is also true for IT companies.

But it is not up to the Virtualmin users and developers to discuss this in depth. I believe there is a need to store plain text passwords, like there is a need to have a knife in cutlery/silverware, without having the discussion whether the knife can be harmful.

I really hope that Virtualmin will keep giving us the option to store plain text passwords and that it will give the users the option to mail the forgotten password to their recovery address.

Best regards,
Alain