Hacker Offers Plesk Exploit, Parallels Responds

(Ping! Zine Web Tech Magazine) – Websites running on hosting control panel Parallels Plesk could face a key security vulnerability. That is, if a new report proves true.

According to a blog post on KrebsonSecurity.com, a hacker on a forum has been selling an exploit for $8,000 that is allegedly capable of hacking web presences operating on the control panel software. The exploit is said to affect Plesk version 10.4.4 and older.

According to the report, the seller noted that the security gap remained unpatched. The blog post from KrebsonSecurity.com contained a screenshot from the forum. Features of the exploit appear to let the administrator perform remote code execution, read server files and print admin passwords.

Parallels has since responded to the claims. “Some recent vulnerability claims seem to be based on old vulnerabilities that already have been patched. We are currently investigating this new reported vulnerability on Plesk 10.4 and earlier. At this time the claims are unsubstantiated. We have not received any claims to confirm this vulnerability,” commented the company in a security advisory.

However, the hosting control panel provider did use the occasion to recommend that customers keep up to date with the latest software, pushing a download link for Parallels Plesk Panel 11. Software by Parallels is popular in the hosting community. Offerings by the company include desktop virtualization, automation and more.